Skip to content

chore(deps-dev): bump the other-dependencies group across 1 directory with 3 updates#1110

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/other-dependencies-8d0417fa20
Open

chore(deps-dev): bump the other-dependencies group across 1 directory with 3 updates#1110
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/other-dependencies-8d0417fa20

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 13, 2026

Copy link
Copy Markdown
Contributor

Bumps the other-dependencies group with 3 updates in the / directory: anyio, build and tzdata.

Updates anyio from 4.14.1 to 4.14.2

Release notes

Sourced from anyio's releases.

4.14.2

  • Changed ByteReceiveStream.receive() implementations to raise a ValueError when max_bytes is not a positive integer (#1191)
  • Fixed CapacityLimiter.total_tokens rejecting float("inf") when the limiter was instantiated outside of an event loop. The adapter setter checked for infinity by identity (value is math.inf), so only the exact math.inf singleton was accepted, while every backend setter (using math.isinf()) accepts any positive infinity (#1189; PR by @​greymoth-jp).
  • Fixed to_process.run_sync() deadlocking when the worker function writes enough data to sys.stderr to fill the (undrained) pipe buffer. The worker process now redirects sys.stderr to os.devnull as well, matching the documented behavior
  • Fixed TLSStream.wrap() matching an internationalized (unicode) host name against the peer certificate using IDNA 2003 (via the standard library) instead of IDNA 2008, which could cause the host name to be matched against the wrong certificate (#1208)
  • Fixed anyio.open_process() (and run_process()) ignoring the extra_groups argument, as it mistakenly passed the value of the group argument instead (#1209)
  • Fixed CapacityLimiter.acquire_nowait() and CapacityLimiter.acquire_nowait_on_behalf_of() raising trio.WouldBlock instead of anyio.WouldBlock on the trio backend when there are no tokens available (#1218)
  • Fixed CapacityLimiter on the asyncio backend over-granting tokens (borrowed_tokens exceeding total_tokens and available_tokens going negative) when a non-blocking acquire was made in the window between a token being released and the notified waiter resuming. The freed token is now reserved for the woken waiter right away, so the non-blocking acquire correctly raises WouldBlock (#1170; PR by @​gaoflow)
  • Fixed unnecessary CPU spin when delivering cancellation from CancelScope on asyncio under certain conditions, including improper cancel scope nesting (#1111)
Commits
  • c384f99 Bumped up the version
  • dbba29d Fixed 100% CPU spin on cancel scope misuse (#1217)
  • 6bbc6c3 Fix CapacityLimiter over-granting tokens on asyncio (#1172)
  • 6f82b25 Refactored TestTLSStream.test_receive_invalid_max_bytes() to be less flaky
  • be24b04 Relaxed timeouts to fix test flakiness
  • 8113506 Fix test flakiness caused by slow callback duration logging
  • 1e988b6 Fixed CapacityLimiter raising trio.WouldBlock instead of anyio.WouldBlock (#1...
  • 44713f3 Pin setup-uv to a commit sha across downstream jobs (#1213)
  • f1b7301 Fixed stderr writes in a worker subprocess causing a deadlock (#1207)
  • 212be93 Fix flaky test_tcp_listener_same_port using a hardcoded port (#1206)
  • Additional commits viewable in compare view

Updates build from 1.5.0 to 1.5.1

Release notes

Sourced from build's releases.

1.5.1

What's Changed

... (truncated)

Changelog

Sourced from build's changelog.

#################### 1.5.1 (2026-07-09) ####################


Features


  • Add --report=PATH to write a machine-readable JSON report of built artifacts; --metadata now also accepts .whl files - by :user:gaborbernat (:issue:198)
  • The srcdir argument now accepts .tar.gz source distributions, extracting and building from them - by :user:gaborbernat (:issue:311)
  • The "Unmet dependencies" error from --no-isolation builds now shows the wanted version, found version, and interpreter - by :user:gaborbernat (:issue:504)
  • Add --sdist-extract-dir to extract the intermediate sdist into a persistent directory, enabling compiler cache reuse across rebuilds - by :user:gaborbernat (:issue:614)
  • Add --env-dir to place the isolated build environment at a fixed path, enabling compiler cache reuse across builds - by :user:gaborbernat (:issue:655)
  • Print a summary of resolved dependency versions (name==version) after installing them in isolated builds - by :user:gaborbernat (:issue:959)
  • On build failure, print a tip pointing to --env-dir and --sdist-extract-dir for debugging and link to the "Debug a failed build" how-to - reported by :user:dimpase, implemented by :user:gaborbernat (:issue:966)

Bugfixes


  • Drain verbose subprocess output inline instead of using a ThreadPoolExecutor, which silently swallowed logging errors - by :user:henryiii (:issue:1098)
  • Reject a file passed as --env-dir with a clear error instead of a raw FileExistsError - by :user:henryiii (:issue:1100)
  • Emit CLI warnings to stderr instead of stdout, so they no longer corrupt --metadata JSON output on stdout - by :user:ymyzk (:issue:1111)
  • Fix the Windows symlink support probe always returning False due to a stale object interpolated into the destination path - by :user:henryiii (:issue:1118)
  • Fix metadata_path's build-backend fallback returning a nonexistent dist-info path for wheels with a build tag - by :user:henryiii (:issue:1119)
  • Write pip/uv requirements and constraints files with \n instead of os.linesep, avoiding doubled \r\r\n line endings on Windows - by :user:henryiii (:issue:1120)
  • Batch of small robustness fixes: correct macOS release parsing for the minimum pip version, avoid sharing the mutable default build-system table between builders, keep the original error when isolated-environment setup fails early, and raise BuildException for an invalid wheel - by :user:henryiii (:issue:1121)
  • Decide color support independently for stdout and stderr instead of only checking stdout.isatty(), so redirecting one stream no longer disables or leaks ANSI colors on the other - by :user:henryiii (:issue:1123)

Deprecations and Removals


  • Deprecate :func:build.util.project_wheel_metadata; use python -m build --metadata instead - by :user:gaborbernat (:issue:557)
  • Warn on config settings without a value (e.g. -C--my-flag); use -C--my-flag= instead for compatibility with pip

... (truncated)

Commits
  • d08fcd7 chore: prepare for 1.5.1
  • 135801c test: isolate color tests from NO_COLOR and FORCE_COLOR (#1128)
  • 820d4e5 perf: memoize check_dependency (#1122)
  • 6c03264 pre-commit: bump repositories (#1127)
  • 43c337a refactor: simplify code paths found in review (#1124)
  • 260ae22 fix: minor robustness fixes from code review (#1121)
  • 100e86e refactor: open the wheel only once in metadata_path (#1126)
  • 272db6c fix: decide color support per output stream, not solely from stdout (#1123)
  • bc4ca7c fix: use LF instead of os.linesep when writing pip/uv requirements files (#1120)
  • 16d8143 fix: derive dist-info directory from wheel contents, not filename (#1119)
  • Additional commits viewable in compare view

Updates tzdata from 2026.2 to 2026.3

Release notes

Sourced from tzdata's releases.

2026.3: Release of upstream tzdata 2026c

Version 2026.3

Upstream version 2026c released 2026-07-08T17:23:58+00:00

Briefly:

Alberta moved to permanent -06 on 2026-06-18. Morocco moves to permanent +00 on 2026-09-20. More integer overflow bugs have been fixed in zic.

Changes to future timestamps

Alberta’s 2026-03-08 spring forward was its last foreseeable clock change, as it moved to permanent -06 thereafter. (Thanks to Roozbeh Pournader and others.) Model this with its traditional abbreviation CST. Although the change to permanent -06 legally took place on 2026-06-18, temporarily model the change to occur on 2026-11-01 at 02:00 instead, for the same reason we introduced a similarly temporary hack for British Columbia in 2026b.

Although another TZDB release will likely be needed soon because Northwest Territories will likely follow Alberta, the legal formalities have not yet taken place.

Morocco plans to move back to permanent UTC, without daylight saving time transitions, on 2026-09-20 at 02:00. This also affects Western Sahara.

Changes to commentary

Northwest Territories is expected to move to permanent -06 prior to 2026-11-01 02:00, when clocks would otherwise fall back. (Thanks to Tim Parenti and James Bellaire.) Model this with its traditional abbreviation CST. Unfortunately the change is not yet official, so it is currently present only as comments that can be uncommented as needed.

Changelog

Sourced from tzdata's changelog.

Version 2026.3

Upstream version 2026c released 2026-07-08T17:23:58+00:00

Briefly:

Alberta moved to permanent -06 on 2026-06-18. Morocco moves to permanent +00 on 2026-09-20. More integer overflow bugs have been fixed in zic.

Changes to future timestamps

Alberta’s 2026-03-08 spring forward was its last foreseeable clock change, as it moved to permanent -06 thereafter. (Thanks to Roozbeh Pournader and others.) Model this with its traditional abbreviation CST. Although the change to permanent -06 legally took place on 2026-06-18, temporarily model the change to occur on 2026-11-01 at 02:00 instead, for the same reason we introduced a similarly temporary hack for British Columbia in 2026b.

Although another TZDB release will likely be needed soon because Northwest Territories will likely follow Alberta, the legal formalities have not yet taken place.

Morocco plans to move back to permanent UTC, without daylight saving time transitions, on 2026-09-20 at 02:00. This also affects Western Sahara.

Changes to commentary

Northwest Territories is expected to move to permanent -06 prior to 2026-11-01 02:00, when clocks would otherwise fall back. (Thanks to Tim Parenti and James Bellaire.) Model this with its traditional abbreviation CST. Unfortunately the change is not yet official, so it is currently present only as comments that can be uncommented as needed.


Commits
  • a442794 Update tzdata to version 2026c (#145)
  • 8f35937 Use the release environment for TestPyPI publishes (#146)
  • ba0b891 Few fixes to the maintaining doc
  • 9a7e6a0 Add Stan Ulbrych to license
  • 1cab5e2 Bump actions/checkout from 6.0.2 to 7.0.0 (#144)
  • e71cff9 Bump hynek/build-and-inspect-python-package action (#143)
  • 14b2953 Make open PR check stricter (#141)
  • 68d4d51 Isolate package build and publish (#137)
  • 5bb6232 Fix punctuation in README.
  • e313d95 Raise with an informative message when release is missing from NEWS file
  • Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request
Dependency Name Ignore Conditions
anyio [>= 4.7.dev0, < 4.8]
anyio [>= 4.8.dev0, < 4.9]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

… with 3 updates

Bumps the other-dependencies group with 3 updates in the / directory: [anyio](https://github.com/agronholm/anyio), [build](https://github.com/pypa/build) and [tzdata](https://github.com/python/tzdata).


Updates `anyio` from 4.14.1 to 4.14.2
- [Release notes](https://github.com/agronholm/anyio/releases)
- [Commits](agronholm/anyio@4.14.1...4.14.2)

Updates `build` from 1.5.0 to 1.5.1
- [Release notes](https://github.com/pypa/build/releases)
- [Changelog](https://github.com/pypa/build/blob/main/CHANGELOG.rst)
- [Commits](pypa/build@1.5.0...1.5.1)

Updates `tzdata` from 2026.2 to 2026.3
- [Release notes](https://github.com/python/tzdata/releases)
- [Changelog](https://github.com/python/tzdata/blob/master/NEWS.md)
- [Commits](python/tzdata@2026.2...2026.3)

---
updated-dependencies:
- dependency-name: anyio
  dependency-version: 4.14.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: other-dependencies
- dependency-name: build
  dependency-version: 1.5.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: other-dependencies
- dependency-name: tzdata
  dependency-version: '2026.3'
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: other-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Jul 13, 2026
@dependabot dependabot Bot requested a review from a team as a code owner July 13, 2026 02:45
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Jul 13, 2026
@github-actions github-actions Bot enabled auto-merge July 13, 2026 02:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants