Bump the all-dependencies group across 1 directory with 20 updates

[dependabot]

Bumps the all-dependencies group with 20 updates in the /api directory:

Package	From	To
boto3	1.42.39	1.42.76
botocore	1.42.39	1.42.76
certifi	2026.1.4	2026.2.25
charset-normalizer	3.4.4	3.4.6
greenlet	3.3.1	3.3.2
importlib-metadata	8.7.1	9.0.0
pydantic-core	2.41.5	2.42.0
pytz	2025.2	2026.1.post1
sqlalchemy	2.0.46	2.0.48
werkzeug	3.1.6	3.1.7
coverage	7.13.2	7.13.5
tox	4.34.1	4.50.3
pip	26.0	26.0.1
pip-tools	7.5.2	7.5.3
cachetools	6.2.6	7.0.5
chardet	5.2.0	7.3.0
filelock	3.20.3	3.25.2
identify	2.6.16	2.6.18
platformdirs	4.5.1	4.9.4
virtualenv	20.36.1	21.2.0

Updates boto3 from 1.42.39 to 1.42.76

Commits

• ee6c3e4 Merge branch 'release-1.42.76'
• 1abf640 Bumping version to 1.42.76
• 0a383d4 Add changelog entries from botocore
• aaab8ce Merge branch 'release-1.42.75'
• 9ee6523 Merge branch 'release-1.42.75' into develop
• a0efc54 Bumping version to 1.42.75
• 644038a Add changelog entries from botocore
• 70f04ae Update presigned URL docs to use sigv4 (#4740)
• 69695bb Bump github/codeql-action from 4.33.0 to 4.34.1 (#4742)
• efb76df Merge branch 'release-1.42.74'
• Additional commits viewable in compare view

Updates botocore from 1.42.39 to 1.42.76

Commits

• eded7ce Merge branch 'release-1.42.76'
• 1ecb1a3 Bumping version to 1.42.76
• f725d85 Update to latest models
• cfa4484 Merge branch 'release-1.42.75'
• 2ccc2db Merge branch 'release-1.42.75' into develop
• f9f7581 Bumping version to 1.42.75
• 6098ae2 Update to latest models
• 6976bba Revert "Add support for opting out of S3 Express session auth via config sett...
• 1135b36 Replace glacier integration and smoke tests with functional tests (#3656)
• 6cd03e6 Add support for opting out of S3 Express session auth via config settings. (#...
• Additional commits viewable in compare view

Updates certifi from 2026.1.4 to 2026.2.25

Commits

• 8571a4b 2026.02.25 (#395)
• 6f7de00 Bump peter-evans/create-pull-request from 8.0.0 to 8.1.0 (#390)
• a1de59b Bump actions/checkout from 6.0.1 to 6.0.2 (#391)
• 7f5ade5 Bump actions/setup-python from 6.1.0 to 6.2.0 (#392)
• See full diff in compare view

Updates charset-normalizer from 3.4.4 to 3.4.6

Release notes

Sourced from charset-normalizer's releases.

Version 3.4.6

3.4.6 (2026-03-15)

Changed

• Flattened the logic in charset_normalizer.md for higher performance. Removed eligible(..) and feed(...) in favor of feed_info(...).
• Raised upper bound for mypy[c] to 1.20, for our optimized version.
• Updated UNICODE_RANGES_COMBINED using Unicode blocks v17.

Fixed

• Edge case where noise difference between two candidates can be almost insignificant. (#672)
• CLI --normalize writing to wrong path when passing multiple files in. (#702)

Misc

• Freethreaded pre-built wheels now shipped in PyPI starting with 3.14t. (#616)

Version 3.4.5

3.4.5 (2026-03-06)

Changed

• Update setuptools constraint to setuptools>=68,<=82.
• Raised upper bound of mypyc for the optional pre-built extension to v1.19.1

Fixed

• Add explicit link to lib math in our optimized build. (#692)
• Logger level not restored correctly for empty byte sequences. (#701)
• TypeError when passing bytearray to from_bytes. (#703)

Misc

• Applied safe micro-optimizations in both our noise detector and language detector.
• Rewrote the query_yes_no function (inside CLI) to avoid using ambiguous licensed code.
• Added cd.py submodule into mypyc optional compilation to reduce further the performance impact.

[!WARNING]
mypyc changed the usual binary output for the optimized wheel. Beware, especially if using PyInstaller or alike. See jawah/charset_normalizer#714

Changelog

Sourced from charset-normalizer's changelog.

3.4.6 (2026-03-15)

Changed

• Flattened the logic in charset_normalizer.md for higher performance. Removed eligible(..) and feed(...) in favor of feed_info(...).
• Raised upper bound for mypy[c] to 1.20, for our optimized version.
• Updated UNICODE_RANGES_COMBINED using Unicode blocks v17.

Fixed

• Edge case where noise difference between two candidates can be almost insignificant. (#672)
• CLI --normalize writing to wrong path when passing multiple files in. (#702)

Misc

• Freethreaded pre-built wheels now shipped in PyPI starting with 3.14t. (#616)

3.4.5 (2026-03-06)

Changed

• Update setuptools constraint to setuptools>=68,<=82.
• Raised upper bound of mypyc for the optional pre-built extension to v1.19.1

Fixed

• Add explicit link to lib math in our optimized build. (#692)
• Logger level not restored correctly for empty byte sequences. (#701)
• TypeError when passing bytearray to from_bytes. (#703)

Misc

• Applied safe micro-optimizations in both our noise detector and language detector.
• Rewrote the query_yes_no function (inside CLI) to avoid using ambiguous licensed code.
• Added cd.py submodule into mypyc optional compilation to reduce further the performance impact.

Commits

• 5478b84 Merge pull request #715 from jawah/release-3.4.6
• 5c0a09e ✔️ add confidence for threading usage, mostly due to lru_cach...
• ef826b2 📝 update changelog
• 5564f1a 📝 update docs accordingly
• 0f2cf7d 📝 update changelog
• 54a1894 🐛 fix --normalize writing to wrong path with multiple files
• 2177e28 📝 update changelog
• b2497a5 🐛 edge case where noise difference between two candidates can be almost i...
• 13a5d0b 🔧 upgrade ci requirements
• b9ffbd4 🔧 enable 3.14t nox mypyc session
• Additional commits viewable in compare view

Updates greenlet from 3.3.1 to 3.3.2

Changelog

Sourced from greenlet's changelog.

3.3.2 (2026-02-20)

• Fix a crash on Python 3.10 if there are active greenlets during interpreter shutdown. See PR 495 <https://github.com/python-greenlet/greenlet/pull/495>_ by Nicolas Bouvrette.

Commits

• a62f331 Preparing release 3.3.2
• c73a2c6 Pull in change note for 3.2.5
• 4eb47c8 test_untracked_memory_doesnt_increase_unfinished_thread_dealloc_in_main: A ch...
• 53ac405 Add change note for #495
• d5b8515 Merge pull request #495 from nbouvrette/fix/safe-finalization-py310
• e0625d7 Merge pull request #494 from daniel7an/fix/issue-492-spdx-license
• 292e126 Fix SIGSEGV/SIGABRT during interpreter shutdown on Python < 3.11
• 77e65f0 Fix SPDX license identifier: Python-2.0 → PSF-2.0
• d4606ef leak tests: do a better job skipping if uss isn't available. Fixes #485
• 74a11b8 Back to development: 3.3.2
• See full diff in compare view

Updates importlib-metadata from 8.7.1 to 9.0.0

Changelog

Sourced from importlib-metadata's changelog.

v9.0.0

Deprecations and Removals

• Added MetadataNotFound (subclass of FileNotFoundError) and updated Distribution.metadata/metadata() to raise it when the metadata files are missing instead of returning Nonepython/cpython#143387#532)

v8.9.0

Features

• python/cpython#110937python/cpython#140141, python/cpython#143658)

v8.8.0

Features

• Removed Python 3.9 compatibility.

Commits

• a9f883f Finalize
• 9b0dfdf Raise an exception when no metadata file is found (#532)
• 0f2229c Merge branch 'main' into feature/no-metadata-exception
• 2f4088e Remove news fragments about internal details.
• 0ac2720 Add news fragment.
• a5c2154 Finalize
• e66e226 Drop support for EOL Python 3.9 (#530)
• 6027933 Add news fragment.
• b89388a Import os_helper directly.
• 2dcb761 Add uniform exclusions for test.support.
• Additional commits viewable in compare view

Updates pydantic-core from 2.41.5 to 2.42.0

Commits

• See full diff in compare view

Updates pytz from 2025.2 to 2026.1.post1

Commits

• 02509d0 Update test runners for new Pythons and github actions
• 43c1cb2 Bump version number to 2026.1.post1
• 6ee7e56 Try to access resource using importlib.resources
• 95fe75d Bump version number to 2026.1 (2026a)
• 7034275 Updates for upstream directory layout changes
• 4dd79d3 IANA 2026a
• 08d7e76 Squashed 'tz/' changes from 7e1145bfdb..e23c045f8f
• b07d947 try to access resource using importlib.resources
• See full diff in compare view

Updates sqlalchemy from 2.0.46 to 2.0.48

Release notes

Sourced from sqlalchemy's releases.

2.0.48

Released: March 2, 2026

engine

• [engine] [bug] Fixed a critical issue in Engine where connections created in conjunction with the DialectEvents.do_connect() event listeners would receive shared, mutable collections for the connection arguments, leading to a variety of potential issues including unlimited growth of the argument list as well as elements within the parameter dictionary being shared among concurrent connection calls. In particular this could impact do_connect routines making use of complex mutable authentication structures.

  References: #13144

2.0.47

Released: February 24, 2026

orm

• [orm] [bug] Fixed issue when using ORM mappings with Python 3.14's PEP 649 feature that no longer requires "future annotations", where the ORM's introspection of the __init__ method of mapped classes would fail if non-present identifiers in annotations were present. The vendored getfullargspec() method has been amended to use Format.FORWARDREF under Python 3.14 to prevent resolution of names that aren't present.

  References: #13104

engine

• [engine] [usecase] The connection object returned by _engine.Engine.raw_connection() now supports the context manager protocol, automatically returning the connection to the pool when exiting the context.

  References: #13116

postgresql

• [postgresql] [bug] Fixed an issue in the PostgreSQL dialect where foreign key constraint reflection would incorrectly swap or fail to capture onupdate and ondelete values when these clauses appeared in a different order than expected in the constraint definition. This issue primarily affected

... (truncated)

Commits

• See full diff in compare view

Updates werkzeug from 3.1.6 to 3.1.7

Release notes

Sourced from werkzeug's releases.

3.1.7

This is the Werkzeug 3.1.7 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Werkzeug/3.1.7/ Changes: https://werkzeug.palletsprojects.com/page/changes/#version-3-1-7 Milestone: https://github.com/pallets/werkzeug/milestone/44?closed=1

• parse_list_header preserves partially quoted items, discards empty items, and returns empty for unclosed quoted values. #3128
• WWWAuthenticate.to_header does not produce a trailing space when there are no parameters. #3127
• Transfer-Encoding is parsed as a set. #3134
• Request.host, get_host, and host_is_trusted validate the characters of the value. An empty value is no longer allowed. A Unix socket server address is ignored. The trusted_list argument to host_is_trusted is optional. #3113
• Fix multipart form parser handling of newline at boundary. #3088
• Response.make_conditional sets the Accept-Ranges header even if it is not a satisfiable range request. #3108
• merge_slashes merges any number of consecutive slashes. #3121

Changelog

Sourced from werkzeug's changelog.

Version 3.1.7

Released 2026-03-23

• parse_list_header preserves partially quoted items, discards empty items, and returns empty for unclosed quoted values. :pr:3128
• WWWAuthenticate.to_header does not produce a trailing space when there are no parameters. :issue:3127
• Transfer-Encoding is parsed as a set. :pr:3134
• Request.host, get_host, and host_is_trusted validate the characters of the value. An empty value is no longer allowed. A Unix socket server address is ignored. The trusted_list argument to host_is_trusted is optional. :pr:3113
• Fix multipart form parser handling of newline at boundary. :issue:3088
• Response.make_conditional sets the Accept-Ranges header even if it is not a satisfiable range request. :issue:3108
• merge_slashes merges any number of consecutive slashes. :issue:3121

Commits

• 005d93b release version 3.1.7
• c328342 merge any number of slashes (#3136)
• 23142a3 merge any number of slashes
• b913d68 always set accept-ranges header
• f282943 Correct 1049dd6b2a363e1ef302b4161c340fb8582f627a
• d3d3df5 validate host characters
• 2c6a3a5 parse transfer-encoding as set (#3134)
• 63261cd parse transfer-encoding as set
• dafe7f1 fix trailing whitespace in WWW-Authenticate bearer (#3129)
• 051fd66 fix trailing whitespace in WWW-Authenticate bearer
• Additional commits viewable in compare view

Updates coverage from 7.13.2 to 7.13.5

Changelog

Sourced from coverage's changelog.

Version 7.13.5 — 2026-03-17

• Fix: issue 2138_ describes a memory leak that happened when repeatedly using the Coverage API with in-memory data. This is now fixed.

• Fix: the markdown-formatted coverage report didn't fully escape special characters in file paths (issue 2141). This would be very unlikely to cause a problem, but now it's done properly, thanks to Ellie Ayla <pull 2142_>.

• Fix: the C extension wouldn't build on VS2019, but now it does (issue 2145_).

.. _issue 2138: coveragepy/coveragepy#2138 .. _issue 2141: coveragepy/coveragepy#2141 .. _pull 2142: coveragepy/coveragepy#2142 .. _issue 2145: coveragepy/coveragepy#2145

.. _changes_7-13-4:

Version 7.13.4 — 2026-02-09

• Fix: the third-party code fix in 7.13.3 required examining the parent directories where coverage was run. In the unusual situation that one of the parent directories is unreadable, a PermissionError would occur, as described in issue 2129_. This is now fixed.

• Fix: in test suites that change sys.path, coverage.py could fail with "RuntimeError: Set changed size during iteration" as described and fixed in pull 2130_. Thanks, Noah Fatsi.

• We now publish ppc64le wheels, thanks to Pankhudi Jain <pull 2121_>_.

.. _pull 2121: coveragepy/coveragepy#2121 .. _issue 2129: coveragepy/coveragepy#2129 .. _pull 2130: coveragepy/coveragepy#2130

.. _changes_7-13-3:

Version 7.13.3 — 2026-02-03

• Fix: in some situations, third-party code was measured when it shouldn't have been, slowing down test execution. This happened with layered virtual environments such as uv sometimes makes. The problem is fixed, closing issue 2082_. Now any directory on sys.path that is inside a virtualenv is considered third-party code.

... (truncated)

Commits

• c88da14 docs: sample HTML for 7.13.5
• e2ac3e1 build: sample HTML shouldn't include the status.json file
• 910f8f3 docs: prep for 7.13.5
• 3a4819c style: make workflows more uniform
• 2a53705 chore: bump the action-dependencies group across 1 directory with 4 updates (...
• e7c878d chore: make upgrade
• ab4db40 build: use --generate-hashes when pinning
• a438753 chore: make upgrade
• 7b33457 refactor: some leftover pyupgrade 3.10 bits
• 2ff968d refactor: this type wasn't used anywhere
• Additional commits viewable in compare view

Updates tox from 4.34.1 to 4.50.3

Release notes

Sourced from tox's releases.

v4.50.3

What's Changed

• 🐛 fix(pkg): distinguish free-threaded Python in wheel build env by @​gaborbernat in tox-dev/tox#3891

Full Changelog: tox-dev/tox@4.50.2...4.50.3

v4.50.2

What's Changed

• fix(sdist): include docs/man/tox.1.rst by @​branchv in tox-dev/tox#3890

New Contributors

• @​branchv made their first contribution in tox-dev/tox#3890

Full Changelog: tox-dev/tox@4.50.1...4.50.2

v4.50.1

What's Changed

• 🐛 fix(env): suggest normalized env name for dotted Python versions by @​gaborbernat in tox-dev/tox#3888

Full Changelog: tox-dev/tox@4.50.0...4.50.1

v4.50.0

What's Changed

• document {env:TOX_PACKAGE} for referencing built packages in commands by @​rahuldevikar in tox-dev/tox#3873
• 🧪 test(docs): validate doc config examples to prevent regressions by @​gaborbernat in tox-dev/tox#3875
• ✨ feat(run): add interrupt_post_commands for cleanup after Ctrl-C by @​gaborbernat in tox-dev/tox#3882
• ✨ feat(config): support subscript syntax and env_name in conditionals by @​gaborbernat in tox-dev/tox#3884

Full Changelog: tox-dev/tox@4.49.1...4.50.0

v4.49.1

What's Changed

• Update maintainers by @​rahuldevikar in tox-dev/tox#3868
• 🐛 fix(run): break deadlock in execution interrupt chain by @​gaborbernat in tox-dev/tox#3869

Full Changelog: tox-dev/tox@4.49.0...4.49.1

... (truncated)

Changelog

Sourced from tox's changelog.

Bug fixes - 4.50.3

• Use separate .pkg environments for free-threaded Python targets by including the t suffix in the wheel build environment name (e.g., .pkg-cpython314t), preventing wheel tag mismatches when building for py314t - by :user:gaborbernat. (:issue:3314)

---

v4.50.2 (2026-03-19)

---

Bug fixes - 4.50.2

• Fix the sdist to include the missing docs/man/tox.1.rst file for building the manpage (:issue:3889)

---

v4.50.1 (2026-03-19)

---

Bug fixes - 4.50.1

• Detect and suggest normalized environment names when users specify dotted Python versions (e.g., py3.10-lint) that match existing environments with compact notation (e.g., py310-lint), preventing silent fallback to base [testenv] configuration - by :user:gaborbernat. (:issue:3877)

---

v4.50.0 (2026-03-17)

---

Features - 4.50.0

• Add interrupt_post_commands option to run cleanup commands even after SIGINT - by :user:gaborbernat. (:issue:3858)
• Add factor['NAME'] and env['VAR'] subscript syntax for conditional expressions, enabling checks of factors with non-identifier names like factor['3.14']. Add env_name variable to check the full environment name in conditions. (:issue:3880)

Bug fixes - 4.50.0

• Fix multiple manpage issues: remove duplicate header/author/copyright sections, set project in Sphinx config, and compile the manpage to troff format at wheel-build time instead of shipping raw RST source - by :user:gaborbernat. (:issue:3878)

Improved documentation - 4.50.0

... (truncated)

Commits

• 7283912 release 4.50.3
• 9672736 🐛 fix(pkg): distinguish free-threaded Python in wheel build env (#3891)
• 1662c61 release 4.50.2
• ef45bd8 fix(sdist): include docs/man/tox.1.rst (#3890)
• dcd9552 release 4.50.1
• a438b58 🐛 fix(env): suggest normalized env name for dotted Python versions (#3888)
• db1362d release 4.50.0
• 2d18e29 ✨ feat(config): support subscript syntax and env_name in conditionals (#3884)
• bf4e4e8 ✨ feat(run): add interrupt_post_commands for cleanup after Ctrl-C (#3882)
• fb1f6af [pre-commit.ci] pre-commit autoupdate (#3879)
• Additional commits viewable in compare view

Updates pip from 26.0 to 26.0.1

Changelog

Sourced from pip's changelog.

26.0.1 (2026-02-04)

Bug Fixes

• Fix --pre not being respected from the command line when a requirement file includes an option e.g. -extra-index-url. ([#13788](https://github.com/pypa/pip/issues/13788) <https://github.com/pypa/pip/issues/13788>_)

Commits

• 5fe4ea4 Bump for release
• bea3cbe windows fix tests
• ed22252 News Entry
• af13274 Match release control behavior to the same as format control behavior
• See full diff in compare view

Updates pip-tools from 7.5.2 to 7.5.3

Release notes

Sourced from pip-tools's releases.

v7.5.3

2026-02-11

Bug fixes

• The option --unsafe-package is now normalized -- by @​shifqu.

  PRs and issues: #2150

• Fixed a bug in which pip-compile lost any index URL options when looking up hashes -- by @​sirosen.

  This caused errors when a package was only available from an extra index, and caused pip-compile to incorrectly drop index URL options from output, even when they were present in the input requirements.

  PRs and issues: #2220, #2294, #2305

• Fixed removal of temporary files used when reading requirements from stdin -- by @​sirosen.

Features

• pip-tools is now tested against Python 3.14 and 3.14t in CI, and marks them as supported in the core packaging metadata -- by @​webknjaz.

  PRs and issues: #2255

• pip-tools is now compatible with pip 26.0 -- by @​sirosen.

  PRs and issues: #2319, #2320

Removals and backward incompatible breaking changes

• Removed support for Python 3.8 -- by @​sirosen.

Improved documentation

• The change log management infra now allows the maintainers to add notes before and after the regular categories -- by @​webknjaz.

  PRs and issues: #2287, #2322

• Added documentation clarifying that pip-compile reads the existing output file as a constraint source, and how to use --upgrade to refresh dependencies -- by @​maliktafheem.

  PRs and issues: #2307

... (truncated)

Changelog

Sourced from pip-tools's changelog.

v7.5.3

2026-02-09

Bug fixes

• The option --unsafe-package is now normalized -- by {user}shifqu.

  PRs and issues: {issue}2150

• Fixed a bug in which pip-compile lost any index URL options when looking up hashes -- by {user}sirosen.

  This caused errors when a package was only available from an extra index, and caused pip-compile to incorrectly drop index URL options from output, even when they were present in the input requirements.

  PRs and issues: {issue}2220, {issue}2294, {issue}2305

• Fixed removal of temporary files used when reading requirements from stdin -- by {user}sirosen.

Features

• pip-tools is now tested against Python 3.14 and 3.14t in CI, and marks them as supported in the core packaging metadata -- by {user}webknjaz.

  PRs and issues: {issue}2255

• pip-tools is now compatible with pip 26.0 -- by {user}sirosen.

  PRs and issues: {issue}2319, {issue}2320

Removals and backward incompatible breaking changes

• Removed support for Python 3.8 -- by {user}sirosen.

Improved documentation

• The change log management infra now allows the maintainers to add notes before and after the regular categories -- by {user}webknjaz.

  PRs and issues: {issue}2287, {issue}2322

• Added documentation clarifying that pip-compile reads the existing output file as a constraint source, and how to use --upgrade to refresh dependencies -- by {user}maliktafheem.

  PRs and issues: {issue}2307

... (truncated)

Commits

• 5f31d8a Merge pull request #2332 from sirosen/fix-release-version-normalization
• 106f1d6 Fix CI workflow to normalize versions (for release)
• 3a0f5ed Merge pull request #2329 from sirosen/release/v7.5.3
• e4bd31d Merge pull request #2328 from jazzband/pre-commit-ci-update-config
• 08107ab Update changelog for version 7.5.3
• 5b4d130 Merge pull request #2325 from sirosen/ensure-tmpfile-cleanup
• cc6a2b9 Apply feedback/suggestions from review
• fc53265 [pre-commit.ci] pre-commit autoupdate
• 6c27507 Add 'tempfile_compat' to handle windows tmp files
• 9ac94db Fix leak of temp files when reading from stdin
• Additional commits viewable in compare view

Updates cachetools from 6.2.6 to 7.0.5

Changelog

Sourced from cachetools's changelog.

v7.0.5 (2026-03-09)

• Minor @cachedmethod performance improvements.

v7.0.4 (2026-03-08)

• Fix and properly document @cachedmethod.cache_key behavior.

• Minor documentation improvements.

v7.0.3 (2026-03-05)

• Fix DeprecationWarning when creating an autospec mock with @cachedmethod decorations.

v7.0.2 (2026-03-02)

• Provide more efficient clear() implementation for all support Cache classes (courtesy Josep Pon Farreny).

v7.0.1 (2026-02-10)

• Various test improvements.

• Update Copilot Instructions.

v7.0.0 (2026-02-01)

• Require Python 3.10 or later (breaking change).

• Drop support for passing info as fourth positional parameter to @cached (breaking change).

• Drop support for cache(self) returning None with @cachedmethod (breaking change).

• Convert the @cachedmethod wrappers to descriptors, deprecating its use with class methods and instances that do not provide a mutable __dict__ attribute (potentially breaking change).

... (truncated)

Commits

• 5dce86f Release v7.0.5.
• af5e688 Minor @​cachedmethod performance improvements.
• 0ca75e6 Relase v7.0.4.
• 5b1fa39 Prepare v7.0.4.
• 18e5930 Fix #218: Fix and properly document @​cachedmethod.cache_key handling.
• 98ec79f Drop "class method" from @​cachedmethod docstring.
• 93822a3 Release v7.0.3.
• 57d2e48 Fix #387: Handle obj=None case for inspection in _DescriptorBase.
• 8011b71 Release v7.0.2.
• 73d1602 Minor cleanups.
• Additional commits viewable in compare view

Updates chardet from 5.2.0 to 7.3.0

Release notes

Sourced from chardet's releases.

7.3.0

License

• 0BSD license — the project license has been changed from MIT to 0BSD, a maximally permissive license with no attribution requirement. All prior 7.x releases should also be considered 0BSD licensed as of this release.

Features

• Added mime_type field to detection results — identifies file types for both binary (via magic number matching) and text content. Returned in all detect(), detect_all(), and UniversalDetector results. (#350)
• New pipeline/magic.py module detects 40+ binary file formats including images, audio/video, archives, documents, executables, and fonts. ZIP-based formats (XLSX, DOCX, JAR, APK, EPUB, wheel, OpenDocument) are distinguished by entry filenames. (#350)

Bug Fixes

• Fixed incorrect equivalence between UTF-16-LE and UTF-16-BE in accuracy testing — these are distinct encodings with different byte order, not interchangeable

Performance

• Added 4 new modules to mypyc compilation (orchestrator, confusion, magic, ascii), bringing the total to 11 compiled modules
• Capped statistical scoring at 16 KB — bigram models converge quickly, so large files no longer score the full 200 KB. Worst-case detection time dropped from 62ms to 26ms with no accuracy loss.
• Replaced dataclasses.replace() with direct DetectionResult construction on hot paths, eliminating ~354k function calls per full test suite run

Build

• Added riscv64 to the mypyc wheel build matrix — prebuilt wheels are now published for RISC-V Linux alongside existing architectures (#348, thanks @​gounthar)

chardet 7.2.0

Features

• Added include_encodings and exclude_encodings parameters to detect(), detect_all(), and UniversalDetector — restrict or exclude specific encodings from the candidate set, with corresponding -i/--include-encodings and -x/--exclude-encodings CLI flags (#343)
• Added no_match_encoding (default "cp1252") and empty_input_encoding (default "utf-8") parameters — control which encoding is returned when no candidate survives the pipeline or the input is empty, with corresponding CLI flags (#343)
• Added -l/--language flag to chardetect CLI — shows the detected language (ISO 639-1 code and English name) alongside the encoding (#342)

Fixes

• Fixed null-separated ASCII data being misdetected as UTF-16-BE (#346, #347)

Full changelog: https://chardet.readthedocs.io/en/latest/changelog.html

chardet 7.1.0

Features

• Added PEP 263 encoding declaration detection — # -*- coding: ... -*- and # coding=... declarations on lines 1–2 of Python source files are now recognized with confidence 0.95 (#249)
• Added chardet.universaldetector backward-compatibility stub so that from chardet.universaldetector import UniversalDetector works with a deprecation warning (#341)

Fixes

• Fixed false UTF-7 detection of ASCII text containing ++ or +word patterns (#332)
• Fixed 0.5s startup cost on first detect() call — model norms are now computed during loading instead of lazily iterating 21M entries (#333)
• Fixed undocumented encoding name changes between chardet 5.x and 7.0 — detect() now returns chardet 5.x-compatible names by default (#338)
• Improved ISO-2022-JP family detection — recognizes ESC sequences for ISO-2022-JP-2004 (JIS X 0213) and ISO-2022-JP-EXT (JIS X 0201 Kana)
• Fixed silent truncation of corrupt model data (iter_unpack yielded fewer tuples instead of raising)

... (truncated)

Changelog

Sourced from chardet's changelog.

7.3.0 (2026-03-24)

License:

• 0BSD license — the project license has been changed from MIT to 0BSD <https://opensource.org/license/0bsd>, a maximally permissive license with no attribution requirement. All prior 7.x releases should also be considered 0BSD licensed as of this release. (Dan Blanchard <https://github.com/dan-blanchard> via Claude)

Features:

• Added mime_type field to detection results — identifies file types for both binary (via magic number matching) and text content. Returned in all detect(), detect_all(), and UniversalDetector results. (Dan Blanchard <https://github.com/dan-blanchard>_ via Claude, [#350](https://github.com/chardet/chardet/issues/350) <https://github.com/chardet/chardet/pull/350>_)
• New pipeline/magic.py module detects 40+ binary file formats including images, audio/video, archives, documents, executables, and fonts. ZIP-based formats (XLSX, DOCX, JAR, APK, EPUB, wheel, OpenDocument) are distinguished by entry filenames. (Dan Blanchard <https://github.com/dan-blanchard>_ via Claude, [#350](https://github.com/chardet/chardet/issues/350) <https://github.com/chardet/chardet/pull/350>_)

Bug Fixes:

• Fixed incorrect equivalence between UTF-16-LE and UTF-16-BE in accuracy testing — these are distinct encodings with different byte order, not interchangeable (Dan Blanchard <https://github.com/dan-blanchard>_ via Claude)

Performance:

• Added 4 new modules to mypyc compilation (orchestrator, confusion, magic, ascii), bringing the total to 11 compiled modules (Dan Blanchard <https://github.com/dan-blanchard>_ via Claude)
• Capped statistical scoring at 16 KB — bigram models converge quickly, so large files no longer score the full 200 KB. Worst-case detection time dropped from 62ms to 26ms with no accuracy loss. (Dan Blanchard <https://github.com/dan-blanchard>_ via Claude)
• Replaced dataclasses.replace() with direct DetectionResult construction on hot paths, eliminating ~354k function calls per full test suite run (Dan Blanchard <https://github.com/dan-blanchard>_ via Claude)

Build:

• Added riscv64 to the mypyc wheel build matrix — prebuilt wheels are now published for RISC-V Linux alongside existing architectures

... (truncated)

Commits

• 9402975 docs: clarify that git tags have no v prefix in CLAUDE.md
• 80f5d95 docs: explicitly list all performance.rst tables in update skill
• 4ca09ed docs: single alphabetical table for supported MIME types
• 78c3551 docs: add supported MIME types page with auto-generation script
• d59bbba docs: fix stale numbers, add mime_type, update pipeline and mypyc lists

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.