Skip to content

chore(deps-dev): bump the other-dependencies group across 1 directory with 4 updates#1118

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/other-dependencies-020fe3e55a
Open

chore(deps-dev): bump the other-dependencies group across 1 directory with 4 updates#1118
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/other-dependencies-020fe3e55a

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 17, 2026

Copy link
Copy Markdown
Contributor

Bumps the other-dependencies group with 4 updates in the / directory: anyio, mypy, tomlkit and tzdata.

Updates anyio from 4.14.1 to 4.14.2

Release notes

Sourced from anyio's releases.

4.14.2

  • Changed ByteReceiveStream.receive() implementations to raise a ValueError when max_bytes is not a positive integer (#1191)
  • Fixed CapacityLimiter.total_tokens rejecting float("inf") when the limiter was instantiated outside of an event loop. The adapter setter checked for infinity by identity (value is math.inf), so only the exact math.inf singleton was accepted, while every backend setter (using math.isinf()) accepts any positive infinity (#1189; PR by @​greymoth-jp).
  • Fixed to_process.run_sync() deadlocking when the worker function writes enough data to sys.stderr to fill the (undrained) pipe buffer. The worker process now redirects sys.stderr to os.devnull as well, matching the documented behavior
  • Fixed TLSStream.wrap() matching an internationalized (unicode) host name against the peer certificate using IDNA 2003 (via the standard library) instead of IDNA 2008, which could cause the host name to be matched against the wrong certificate (#1208)
  • Fixed anyio.open_process() (and run_process()) ignoring the extra_groups argument, as it mistakenly passed the value of the group argument instead (#1209)
  • Fixed CapacityLimiter.acquire_nowait() and CapacityLimiter.acquire_nowait_on_behalf_of() raising trio.WouldBlock instead of anyio.WouldBlock on the trio backend when there are no tokens available (#1218)
  • Fixed CapacityLimiter on the asyncio backend over-granting tokens (borrowed_tokens exceeding total_tokens and available_tokens going negative) when a non-blocking acquire was made in the window between a token being released and the notified waiter resuming. The freed token is now reserved for the woken waiter right away, so the non-blocking acquire correctly raises WouldBlock (#1170; PR by @​gaoflow)
  • Fixed unnecessary CPU spin when delivering cancellation from CancelScope on asyncio under certain conditions, including improper cancel scope nesting (#1111)
Commits
  • c384f99 Bumped up the version
  • dbba29d Fixed 100% CPU spin on cancel scope misuse (#1217)
  • 6bbc6c3 Fix CapacityLimiter over-granting tokens on asyncio (#1172)
  • 6f82b25 Refactored TestTLSStream.test_receive_invalid_max_bytes() to be less flaky
  • be24b04 Relaxed timeouts to fix test flakiness
  • 8113506 Fix test flakiness caused by slow callback duration logging
  • 1e988b6 Fixed CapacityLimiter raising trio.WouldBlock instead of anyio.WouldBlock (#1...
  • 44713f3 Pin setup-uv to a commit sha across downstream jobs (#1213)
  • f1b7301 Fixed stderr writes in a worker subprocess causing a deadlock (#1207)
  • 212be93 Fix flaky test_tcp_listener_same_port using a hardcoded port (#1206)
  • Additional commits viewable in compare view

Updates mypy from 2.2.0 to 2.3.0

Changelog

Sourced from mypy's changelog.

Mypy Release Notes

Next Release

Packaging changes

Mypy 2.3

We've just uploaded mypy 2.3.0 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features, performance improvements and bug fixes. You can install it as follows:

python3 -m pip install -U mypy

You can read the full documentation for this release on Read the Docs.

The Upcoming Switch to the New Native Parser

We are planning to enable the new native parser (--native-parser) by default soon. We recommend that you test the native parser in your projects and report any issues in the mypy issue tracker.

Mypyc Free-threading Memory Safety

Free-threaded Python builds that don't have the GIL require additional synchronization primitives or lock-free algorithms to ensure memory safety when there are race conditions (for example, when a thread reads a list item while another thread writes the same list item concurrently). This release greatly improves memory safety of free threading.

List operations are now memory-safe on free threaded Python builds, even in the presence of race conditions. This has some performance cost. For list-heavy workloads, using librt.vecs.vec instead of list is often significantly faster, but note that vec is not (and likely won't be) fully memory safe, and the user is expected to avoid race conditions. The newly introduced librt.threading.Lock helps with this. Using variable-length tuples can also be more efficient than lists, since tuples are immutable and don't require expensive synchronization to ensure memory safety.

Instance attribute access is also (mostly) memory safe now on free-threaded builds in the presence of race conditions. We are planning to fix the remaining unsafe cases in a future release.

Full list of changes:

  • Make attribute access memory safe on free-threaded builds (Jukka Lehtosalo, PR 21705)
  • Fix unsafe borrowing of instance attributes with free-threading (Jukka Lehtosalo, PR 21688)
  • Make list get/set item more memory safe on free-threaded builds (Jukka Lehtosalo, PR 21683)
  • Don't borrow list items on free-threaded builds (Jukka Lehtosalo, PR 21679)
  • Make multiple assignment from list memory-safe on free-threaded builds (Jukka Lehtosalo, PR 21684)

... (truncated)

Commits
  • 8aabf84 Drop +dev from version
  • 4d8ad2a Update changelog for 2.3 release (#21728)
  • 2c21546 [mypyc] Update documentation of race conditions under free threading (#21726)
  • a9f62a3 [mypyc] Make attribute access memory safe on free-threaded builds (#21705)
  • 0faa413 Use PYODIDE environment variable for Emscripten cross-compilation detection...
  • 3d75cdb [mypyc] Borrow final attributes more aggressively (#21702)
  • 24c237d [mypyc] Improve documentation of Final (#21713)
  • b5be217 [mypyc] Update free threading Python compatibility docs (#21711)
  • cbcb51a Narrow for frozendict membership check (#21709)
  • af2bc0f Sync typeshed (#21707)
  • Additional commits viewable in compare view

Updates tomlkit from 0.15.0 to 0.15.1

Release notes

Sourced from tomlkit's releases.

0.15.1

What's Changed

... (truncated)

Changelog

Sourced from tomlkit's changelog.

[0.15.1] - 2026-07-17

Changed

  • Speed up membership tests (key in ...) on Container, Table and InlineTable with native __contains__ implementations, avoiding the inherited MutableMapping round-trip through __getitem__ (which resolves the value and builds an exception on every absent key). (#483)
  • Speed up parsing by making Source index-based: it now tracks an integer position over the input string instead of materializing a list of (index, char) tuples up front, so construction is O(1) and state save/restore no longer copies an iterator. (#489)
  • Speed up parsing by scanning character runs in bulk: Source.advance_while/advance_until consume a whole run of whitespace, bare-key or number characters in a single pass over the input string instead of one inc() call per character. (#490)
  • Speed up parsing of single-line strings by bulk-appending the run of ordinary characters up to the next delimiter, backslash or control character in one pass, instead of one character at a time. (#491)
  • Speed up parsing by removing the internal TOMLChar wrapper: the parser now reads plain str characters from Source and detects end-of-input positionally, avoiding a per-character object construction and method dispatch. (#492)
  • Speed up parsing by comparing StringType members by identity (is) instead of building a set on every is_basic/is_literal/is_singleline/is_multiline call, avoiding millions of enum hashes while parsing. (#502)
  • Speed up merging super tables by merging in place instead of deep-copying the growing target on every merge, turning the parse of documents with many subtables under a shared super table (e.g. consecutive [a.b.c] / [a.b.d] headers) from O(n²) into O(n). (#503)
  • Speed up membership tests (key in ...) on out-of-order tables with a native OutOfOrderTableProxy.__contains__, completing #483 for the last mapping type that still inherited the slow MutableMapping mixin (which resolves the value and builds an exception on every absent key). (#515)
  • Speed up parsing documents with many dotted keys or table headers sharing a prefix by validating out-of-order tables incrementally: each new fragment is merged into a cached validation container once, instead of re-merging (and deep-copying) every earlier fragment on each append, turning a super-cubic worst case into linear time (80 shared-prefix dotted keys: ~8 s → ~10 ms). (#479)
  • Speed up parsing of arrays that close right after a value (e.g. the files = [...] blocks that dominate lock files): the parser no longer attempts to read a value while sitting on the closing ], which previously built an UnexpectedCharError just to discard it — and constructing that exception eagerly computes a line/column by scanning the whole document, making it O(document size) per such array. (#517)
  • Speed up parsing of multiline strings by bulk-appending the run of ordinary characters — across raw line feeds and tabs — up to the next delimiter, backslash, carriage return or control character, instead of one character at a time. This extends to """/''' bodies the single-line fast path added in #491; a \r still stops the scan so \r\n stays validated and byte-for-byte preserved. (#518)
  • Speed up unwrap() (converting a parsed document to a plain dict) by resolving each key directly from the container's key map instead of iterating the inherited MutableMapping view, which rebuilt a SingleKey from the bare string for every key just to re-look-up the value. Out-of-order tables still resolve through their proxy, so their validation is unchanged. (#521)
  • Speed up rendering (as_string() / dumps()) of inline tables with many keys by precomputing the last-key and last-deleted-element indices in a single pass, instead of rescanning the remaining body on every separator comma — turning an O(n²) render into O(n). (#525)
  • Raise on malformed array element instead of dropping it, (#527)

Fixed

  • Fix string() dropping a leading newline of a multiline string on round-trip: a value beginning with a newline is now rendered with an extra leading newline (the one the parser trims after the opening delimiter) so it survives re-parsing.
  • Fix invalid serialization with a duplicated comma when removing a non-edge element from a parsed inline table. (#486)
  • Fix invalid serialization with a duplicated comma when appending or inserting into a comma-first formatted array. (#499)
  • Fix ParseError when a sub-table extends the last element of an array of tables after an unrelated table. (#261)
  • Fix unparseable serialization when adding a key to a dotted-key table inside an inline table. (#500)
  • Fix a table replaced by a plain value being serialized inside the preceding table's body when other tables follow; the value now moves before the first table like other root-level values. (#504)
  • Fix assigning a table over a dotted key (e.g. doc["a"] = {...} where a came from a.b = ...): the dotted prefix was duplicated onto the new [a] header, and the header then swallowed any sibling that follows it on round-trip. The replacement now renders as a plain table and, when needed, moves before the inline entries (values and dotted keys) it would otherwise capture. (#513, #524)
  • Restore dumps() rendering mapping-like wrappers around a parsed document (e.g. dotty_dict's Dotty) through their delegated as_string, preserving the original table order and layout instead of re-encoding through a plain dict — a 0.15.0 regression. (#482)
  • Fix uncontrolled recursion when parsing deeply nested documents: crafted input could crash the process with a RecursionError. Values nested more than 100 levels deep and keys with more than 100 dotted fragments now raise ParseError. (#459)
  • Fix comment() producing invalid TOML for a multiline string by prefixing every line with #, not just the first. (#449)
  • Fix the separator comma being swallowed by a trailing comment when appending a key to a multiline inline table, leaving the new key without a separator so the result no longer round-trips. (#512)
  • Fix a KeyAlreadyPresent error when parsing or accessing an out-of-order table whose array-of-tables elements are split across the table's parts. (#505)
  • Out-of-order value-vs-table and dotted-key-vs-table redefinitions are now rejected at parse time instead of being silently accepted or raising only on access. The parser also detects when a non-dotted key is a prefix of an existing dotted key, matching the stdlib tomllib behaviour. (#523)
  • Reject tables inserted into inline tables instead of serializing invalid TOML. (#531)
  • Fix assigning an array of tables over a dotted key (e.g. doc["a"] = aot(...) where a came from a.b = ...): the new [[a]] header kept the dotted key's inline position and swallowed the following dotted sibling on round-trip. The array of tables now renders past the inline entries it would otherwise capture, mirroring the table fix for #513. (#542)
  • Fix a new top-level scalar being captured by a table rendered from a dotted key: appending a scalar after a dotted-key entry (e.g. a.b = 1) whose table had gained a [a.c]-style child placed the scalar inside that table's scope, silently re-nesting it on round-trip. Scalars now move before such an entry, like they do before regular tables. (#543)
  • Fix invalid serialization with a duplicated [table] header when adding a key to an out-of-order table whose concrete header is declared after its sub-tables; the new key now lands in the existing concrete part instead of giving the header-less super part a second header. (#545)
  • Fix a table's display name (its exact header spelling, including whitespace and quoting) being normalised when the table is assigned onto itself, e.g. doc[k] = doc[k] rewriting [keys .'a'.'c'] to [keys.a.'c']. (#291)
  • Fix missing newlines when appending a key after a dotted inline table, including when the original document has no trailing newline. (#533)
  • Preserve trailing whitespace when replacing a super table, including assigning it onto itself. (#534)
  • Fix str() and repr() of out-of-order table proxies to show their merged values. (#536)
  • Reject decimal integer literals that exceed Python's integer-string conversion limit instead of coercing them to infinity. (#538)
Commits
  • 1bd7e3b chore: release 0.15..1
  • 94e62fb Float is not a sequence (#563)
  • 495a42e Fix top-level scalar captured by a table rendered from a dotted key (#550)
  • 21a4942 reject a comment containing line breaks in Item.comment and add_line (#544)
  • 8cd44f5 fix: preserve leading newline of multiline string built with string() (#551)
  • 67d3e86 Fix array of tables replacing a dotted key swallowing the next sibling (#542)...
  • e23a254 fix: avoid duplicate table header when adding a key to an out-of-order table ...
  • 34e51e2 Update CHANGELOG.md to reflect recent fixes and enhancements
  • b48c094 reject overlong decimal integer instead of coercing to inf (#538)
  • cc05afa Represent out-of-order table proxies with merged values (#536)
  • Additional commits viewable in compare view

Updates tzdata from 2026.2 to 2026.3

Release notes

Sourced from tzdata's releases.

2026.3: Release of upstream tzdata 2026c

Version 2026.3

Upstream version 2026c released 2026-07-08T17:23:58+00:00

Briefly:

Alberta moved to permanent -06 on 2026-06-18. Morocco moves to permanent +00 on 2026-09-20. More integer overflow bugs have been fixed in zic.

Changes to future timestamps

Alberta’s 2026-03-08 spring forward was its last foreseeable clock change, as it moved to permanent -06 thereafter. (Thanks to Roozbeh Pournader and others.) Model this with its traditional abbreviation CST. Although the change to permanent -06 legally took place on 2026-06-18, temporarily model the change to occur on 2026-11-01 at 02:00 instead, for the same reason we introduced a similarly temporary hack for British Columbia in 2026b.

Although another TZDB release will likely be needed soon because Northwest Territories will likely follow Alberta, the legal formalities have not yet taken place.

Morocco plans to move back to permanent UTC, without daylight saving time transitions, on 2026-09-20 at 02:00. This also affects Western Sahara.

Changes to commentary

Northwest Territories is expected to move to permanent -06 prior to 2026-11-01 02:00, when clocks would otherwise fall back. (Thanks to Tim Parenti and James Bellaire.) Model this with its traditional abbreviation CST. Unfortunately the change is not yet official, so it is currently present only as comments that can be uncommented as needed.

Changelog

Sourced from tzdata's changelog.

Version 2026.3

Upstream version 2026c released 2026-07-08T17:23:58+00:00

Briefly:

Alberta moved to permanent -06 on 2026-06-18. Morocco moves to permanent +00 on 2026-09-20. More integer overflow bugs have been fixed in zic.

Changes to future timestamps

Alberta’s 2026-03-08 spring forward was its last foreseeable clock change, as it moved to permanent -06 thereafter. (Thanks to Roozbeh Pournader and others.) Model this with its traditional abbreviation CST. Although the change to permanent -06 legally took place on 2026-06-18, temporarily model the change to occur on 2026-11-01 at 02:00 instead, for the same reason we introduced a similarly temporary hack for British Columbia in 2026b.

Although another TZDB release will likely be needed soon because Northwest Territories will likely follow Alberta, the legal formalities have not yet taken place.

Morocco plans to move back to permanent UTC, without daylight saving time transitions, on 2026-09-20 at 02:00. This also affects Western Sahara.

Changes to commentary

Northwest Territories is expected to move to permanent -06 prior to 2026-11-01 02:00, when clocks would otherwise fall back. (Thanks to Tim Parenti and James Bellaire.) Model this with its traditional abbreviation CST. Unfortunately the change is not yet official, so it is currently present only as comments that can be uncommented as needed.


Commits
  • a442794 Update tzdata to version 2026c (#145)
  • 8f35937 Use the release environment for TestPyPI publishes (#146)
  • ba0b891 Few fixes to the maintaining doc
  • 9a7e6a0 Add Stan Ulbrych to license
  • 1cab5e2 Bump actions/checkout from 6.0.2 to 7.0.0 (#144)
  • e71cff9 Bump hynek/build-and-inspect-python-package action (#143)
  • 14b2953 Make open PR check stricter (#141)
  • 68d4d51 Isolate package build and publish (#137)
  • 5bb6232 Fix punctuation in README.
  • e313d95 Raise with an informative message when release is missing from NEWS file
  • Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request
Dependency Name Ignore Conditions
anyio [>= 4.7.dev0, < 4.8]
anyio [>= 4.8.dev0, < 4.9]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

… with 4 updates

Bumps the other-dependencies group with 4 updates in the / directory: [anyio](https://github.com/agronholm/anyio), [mypy](https://github.com/python/mypy), [tomlkit](https://github.com/python-poetry/tomlkit) and [tzdata](https://github.com/python/tzdata).


Updates `anyio` from 4.14.1 to 4.14.2
- [Release notes](https://github.com/agronholm/anyio/releases)
- [Commits](agronholm/anyio@4.14.1...4.14.2)

Updates `mypy` from 2.2.0 to 2.3.0
- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md)
- [Commits](python/mypy@v2.2.0...v2.3.0)

Updates `tomlkit` from 0.15.0 to 0.15.1
- [Release notes](https://github.com/python-poetry/tomlkit/releases)
- [Changelog](https://github.com/python-poetry/tomlkit/blob/master/CHANGELOG.md)
- [Commits](python-poetry/tomlkit@0.15.0...0.15.1)

Updates `tzdata` from 2026.2 to 2026.3
- [Release notes](https://github.com/python/tzdata/releases)
- [Changelog](https://github.com/python/tzdata/blob/master/NEWS.md)
- [Commits](python/tzdata@2026.2...2026.3)

---
updated-dependencies:
- dependency-name: anyio
  dependency-version: 4.14.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: other-dependencies
- dependency-name: mypy
  dependency-version: 2.3.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: other-dependencies
- dependency-name: tomlkit
  dependency-version: 0.15.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: other-dependencies
- dependency-name: tzdata
  dependency-version: '2026.3'
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: other-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Jul 17, 2026
@dependabot
dependabot Bot requested a review from a team as a code owner July 17, 2026 02:46
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Jul 17, 2026
@github-actions
github-actions Bot enabled auto-merge July 17, 2026 02:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants