chore(deps): Update python-dependencies #1045

Merged
EntchenEric merged 1 commit into master from renovate/python-dependencies
Mar 31, 2026

renovate bot commented Nov 17, 2025

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

| Package | Change |
|---|---|
| PyGithub | ==2.8.1 -> ==2.9.0 |
| PyJWT | ==2.12.0 -> ==2.12.1 |
| aiohttp | ==3.13.3 -> ==3.13.4 |
| anyio (changelog) | ==4.11.0 -> ==4.13.0 |
| beautifulsoup4 (changelog) | ==4.14.2 -> ==4.14.3 |
| certifi | ==2026.1.4 -> ==2026.2.25 |
| charset-normalizer (changelog) | ==3.4.4 -> ==3.4.6 |
| discord.py | ==2.6.4 -> ==2.7.1 |
| fonttools | ==4.61.0 -> ==4.62.1 |
| jiter | ==0.12.0 -> ==0.13.0 |
| jsonschema (changelog) | ==4.25.1 -> ==4.26.0 |
| jupyter_client | ==8.6.3 -> ==8.8.0 |
| kiwisolver (changelog) | ==1.4.9 -> ==1.5.0 |
| matplotlib | ==3.10.7 -> ==3.10.8 |
| mistune | ==3.1.4 -> ==3.2.0 |
| mpmath | ==1.3.0 -> ==1.4.1 |
| multidict | ==6.7.0 -> ==6.7.1 |
| nbclient | ==0.10.2 -> ==0.10.4 |
| numpy (changelog) | ==2.3.4 -> ==2.4.4 |
| parso | ==0.8.5 -> ==0.8.6 |
| platformdirs (changelog) | ==4.5.0 -> ==4.9.4 |
| pyparsing | ==3.2.5 -> ==3.3.2 |
| python-dotenv | ==1.2.1 -> ==1.2.2 |
| requests (changelog) | ==2.33.0 -> ==2.33.1 |
| rpds-py | ==0.29.0 -> ==0.30.0 |
| scipy | ==1.16.3 -> ==1.17.1 |
| soupsieve | ==2.8 -> ==2.8.3 |
| tinycss2 (changelog) | ==1.4.0 -> ==1.5.1 |
| tqdm (changelog) | ==4.67.1 -> ==4.67.3 |
| wcwidth | ==0.2.14 -> ==0.6.0 |
| wrapt (changelog) | ==2.0.1 -> ==2.1.2 |
| yarl | ==1.22.0 -> ==1.23.0 |

Release Notes

pygithub/pygithub (PyGithub)

v2.9.0

Compare Source

Notable changes
Lazy PyGithub objects

The notion of lazy objects has been added to some PyGithub classes in version 2.6.0. This release now makes all CompletableGithubObjects optionally lazy (if useful). See PyGithub/PyGithub#3403 for a complete list.

In lazy mode, getting a PyGithub object does not send a request to the GitHub API. Only accessing methods and properties sends the necessary requests to the GitHub API:

```python
from github import Auth, Github

auth = Auth.Token("<access token>")  # placeholder credential

# Use lazy mode
g = Github(auth=auth, lazy=True)

# these method calls do not send requests to the GitHub API
user = g.get_user("PyGithub")    # get the user
repo = user.get_repo("PyGithub") # get the user's repo
pull = repo.get_pull(3403)       # get a known pull request
issue = pull.as_issue()          # turn the pull request into an issue

# these method and property calls send requests to Github API
issue.create_reaction("rocket")  # create a reaction
created = repo.created_at        # get property of lazy object repo

# once a lazy object has been fetched, all properties are available (no more requests)
licence = repo.license
```

All PyGithub classes that implement CompletableGithubObject support lazy mode (if useful). This is only useful for classes that have methods creating, changing, or getting objects.

By default, PyGithub objects are not lazy.

PyGithub objects with a paginated property

The GitHub API has the "feature" of paginated properties. Some objects returned by the API have a property that allows for pagination. Fetching subsequent pages of that property means fetching the entire object (with all other properties) and the specified page of the paginated property. Iterating over the paginated property means fetching all other properties multiple times. Fortunately, the allowed size of each page (per_page) is usually 300, in contrast to the "usual" per_page maximum of 100.

Objects with paginated properties:

  • Commit.files
  • Comparison.commits
  • EnterpriseConsumedLicenses.users

This PR makes iterating those paginated properties use the configured per_page setting.

It further allows specifying an individual per_page when either retrieving such objects or fetching paginated properties.

See Classes with paginated properties for details.

Drop Python 3.8 support due to End-of-Life

Python 3.8 reached its end-of-life September 6, 2024. Support has been removed with this release.

Deprecations
  • Method delete of Reaction is deprecated, use IssueComment.delete_reaction,
    PullRequestComment.delete_reaction, CommitComment.delete_reaction or Issue.delete_reaction instead.
  • Method Issue.assignee and parameter Issue.edit(assignee=…) are deprecated,
    use Issue.assignees and Issue.edit(assignees=…) instead.
  • Method Organization.edit_hook is deprecated, use Organization.get_hook(id).edit(…) instead.
    If you need to avoid Organization.get_hook(id) to fetch the Hook object from Github API,
    use a lazy Github instance:
    Github(…, lazy=True).get_organization(…).get_hook(id).edit(…)
  • Methods Team.add_to_members and Team.remove_from_members are deprecated,
    use Team.add_membership or Team.remove_membership instead.
New Features
Improvements
Bug Fixes
Maintenance

New Contributors

Full Changelog: PyGithub/PyGithub@v2.8.0...v2.9.0

jpadilla/pyjwt (PyJWT)

v2.12.1

Compare Source

Changed


- Migrate the ``dev``, ``docs``, and ``tests`` package extras to dependency groups by @kurtmckee in `#1152 <https://github.com/jpadilla/pyjwt/pull/1152>`__

`v2.12.1 <https://github.com/jpadilla/pyjwt/compare/2.12.0...2.12.1>`__
------------------------------------------------------------------------

Fixed
~~~~~

- Add missing ``typing_extensions`` dependency for Python < 3.11 in `#1150 <https://github.com/jpadilla/pyjwt/issues/1150>`__

`v2.12.0 <https://github.com/jpadilla/pyjwt/compare/2.11.0...2.12.0>`__
-----------------------------------------------------------------------

Fixed
~~~~~

- Annotate PyJWKSet.keys for pyright by @tamird in `#1134 <https://github.com/jpadilla/pyjwt/pull/1134>`__
- Close ``HTTPError`` response to prevent ``ResourceWarning`` on Python 3.14 by @veeceey in `#1133 <https://github.com/jpadilla/pyjwt/pull/1133>`__
- Do not keep ``algorithms`` dict in PyJWK instances by @akx in `#1143 <https://github.com/jpadilla/pyjwt/pull/1143>`__
- Validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. by @dmbs335 in `GHSA-752w-5fwx-jx9f <https://github.com/jpadilla/pyjwt/security/advisories/GHSA-752w-5fwx-jx9f>`__
- Use PyJWK algorithm when encoding without explicit algorithm in `#1148 <https://github.com/jpadilla/pyjwt/pull/1148>`__

Added
~~~~~

- Docs: Add ``PyJWKClient`` API reference and document the two-tier caching system (JWK Set cache and signing key LRU cache).

`v2.11.0 <https://github.com/jpadilla/pyjwt/compare/2.10.1...2.11.0>`__
-----------------------------------------------------------------------

Fixed
~~~~~

- Enforce ECDSA curve validation per RFC 7518 Section 3.4.
- Fix build system warnings by @kurtmckee in `#1105 <https://github.com/jpadilla/pyjwt/pull/1105>`__
- Validate key against allowed types for Algorithm family in `#964 <https://github.com/jpadilla/pyjwt/pull/964>`__
- Add iterator for JWKSet in `#1041 <https://github.com/jpadilla/pyjwt/pull/1041>`__
- Validate `iss` claim is a string during encoding and decoding by @pachewise in `#1040 <https://github.com/jpadilla/pyjwt/pull/1040>`__
- Improve typing/logic for `options` in decode, decode_complete by @pachewise in `#1045 <https://github.com/jpadilla/pyjwt/pull/1045>`__
- Declare float supported type for lifespan and timeout by @nikitagashkov in `#1068 <https://github.com/jpadilla/pyjwt/pull/1068>`__
- Fix ``SyntaxWarning``\s/``DeprecationWarning``\s caused by invalid escape sequences by @kurtmckee in `#1103 <https://github.com/jpadilla/pyjwt/pull/1103>`__
- Development: Build a shared wheel once to speed up test suite setup times by @kurtmckee in `#1114 <https://github.com/jpadilla/pyjwt/pull/1114>`__
- Development: Test type annotations across all supported Python versions,
  increase the strictness of the type checking, and remove the mypy pre-commit hook
  by @kurtmckee in `#1112 <https://github.com/jpadilla/pyjwt/pull/1112>`__

Added
~~~~~

- Support Python 3.14, and test against PyPy 3.10 and 3.11 by @kurtmckee in `#1104 <https://github.com/jpadilla/pyjwt/pull/1104>`__
- Development: Migrate to ``build`` to test package building in CI by @kurtmckee in `#1108 <https://github.com/jpadilla/pyjwt/pull/1108>`__
- Development: Improve coverage config and eliminate unused test suite code by @kurtmckee in `#1115 <https://github.com/jpadilla/pyjwt/pull/1115>`__
- Docs: Standardize CHANGELOG links to PRs by @kurtmckee in `#1110 <https://github.com/jpadilla/pyjwt/pull/1110>`__
- Docs: Fix Read the Docs builds by @kurtmckee in `#1111 <https://github.com/jpadilla/pyjwt/pull/1111>`__
- Docs: Add example of using leeway with nbf by @djw8605 in `#1034 <https://github.com/jpadilla/pyjwt/pull/1034>`__
- Docs: Refactored docs with ``autodoc``; added ``PyJWS`` and ``jwt.algorithms`` docs by @pachewise in `#1045 <https://github.com/jpadilla/pyjwt/pull/1045>`__
- Docs: Documentation improvements for "sub" and "jti" claims by @cleder in `#1088 <https://github.com/jpadilla/pyjwt/pull/1088>`__
- Development: Add pyupgrade as a pre-commit hook by @kurtmckee in `#1109 <https://github.com/jpadilla/pyjwt/pull/1109>`__
- Add minimum key length validation for HMAC and RSA keys (CWE-326).
  Warns by default via ``InsecureKeyLengthWarning`` when keys are below
  minimum recommended lengths per RFC 7518 Section 3.2 (HMAC) and
  NIST SP 800-131A (RSA). Pass ``enforce_minimum_key_length=True`` in
  options to ``PyJWT`` or ``PyJWS`` to raise ``InvalidKeyError`` instead.
- Refactor ``PyJWT`` to own an internal ``PyJWS`` instance instead of
  calling global ``api_jws`` functions.

`v2.10.1 <https://github.com/jpadilla/pyjwt/compare/2.10.0...2.10.1>`__
-----------------------------------------------------------------------

Fixed
~~~~~

- Prevent partial matching of `iss` claim by @fabianbadoi in `GHSA-75c5-xw7c-p5pm <https://github.com/jpadilla/pyjwt/security/advisories/GHSA-75c5-xw7c-p5pm>`__

`v2.10.0 <https://github.com/jpadilla/pyjwt/compare/2.9.0...2.10.0>`__
-----------------------------------------------------------------------

Changed
~~~~~~~

- Remove algorithm requirement from JWT API, instead relying on JWS API for enforcement, by @luhn in `#975 <https://github.com/jpadilla/pyjwt/pull/975>`__
- Use Sequence for parameter types rather than List where applicable by @imnotjames in `#970 <https://github.com/jpadilla/pyjwt/pull/970>`__
- Add JWK support to JWT encode by @luhn in `#979 <https://github.com/jpadilla/pyjwt/pull/979>`__
- Encoding and decoding payloads using the none algorithm by @jpadilla in `#c2629f6 <https://github.com/jpadilla/pyjwt/commit/c2629f66c593459e02616048443231ccbe18be16>`__

  Before:

  .. code-block:: pycon

     import jwt
     jwt.encode({"payload": "abc"}, key=None, algorithm=None)

  After:

  .. code-block:: pycon

     import jwt
     jwt.encode({"payload": "abc"}, key=None, algorithm="none")

- Added validation for 'sub' (subject) and 'jti' (JWT ID) claims in tokens by @Divan009 in `#1005 <https://github.com/jpadilla/pyjwt/pull/1005>`__
- Refactor project configuration files from setup.cfg to pyproject.toml by @cleder in `#995 <https://github.com/jpadilla/pyjwt/pull/995>`__
- Ruff linter and formatter changes by @gagandeepp in `#1001 <https://github.com/jpadilla/pyjwt/pull/1001>`__
- Drop support for Python 3.8 (EOL) by @kkirsche in `#1007 <https://github.com/jpadilla/pyjwt/pull/1007>`__

Fixed
~~~~~

- Encode EC keys with a fixed bit length by @etianen in `#990 <https://github.com/jpadilla/pyjwt/pull/990>`__
- Add an RTD config file to resolve Read the Docs build failures by @kurtmckee in `#977 <https://github.com/jpadilla/pyjwt/pull/977>`__
- Docs: Update ``iat`` exception docs by @pachewise in `#974 <https://github.com/jpadilla/pyjwt/pull/974>`__
- Docs: Fix ``decode_complete`` scope and algorithms by @RbnRncn in `#982 <https://github.com/jpadilla/pyjwt/pull/982>`__
- Fix doctest for ``docs/usage.rst`` by @pachewise in `#986 <https://github.com/jpadilla/pyjwt/pull/986>`__
- Fix ``test_utils.py`` not to xfail by @pachewise in `#987 <https://github.com/jpadilla/pyjwt/pull/987>`__
- Docs: Correct `jwt.decode` audience param doc expression by @peter279k in `#994 <https://github.com/jpadilla/pyjwt/pull/994>`__

Added
~~~~~

- Add support for python 3.13 by @hugovk in `#972 <https://github.com/jpadilla/pyjwt/pull/972>`__
- Create SECURITY.md by @auvipy and @jpadilla in `#973 <https://github.com/jpadilla/pyjwt/pull/973>`__
- Docs: Add PS256 encoding and decoding usage by @peter279k in `#992 <https://github.com/jpadilla/pyjwt/pull/992>`__
- Docs: Add API docs for PyJWK by @luhn in `#980 <https://github.com/jpadilla/pyjwt/pull/980>`__
- Docs: Add EdDSA algorithm encoding/decoding usage by @peter279k in `#993 <https://github.com/jpadilla/pyjwt/pull/993>`__
- Include checkers and linters for pyproject.toml in pre-commit by @cleder in `#1002 <https://github.com/jpadilla/pyjwt/pull/1002>`__
- Docs: Add ES256 decoding usage by @Gautam-Hegde in `#1003 <https://github.com/jpadilla/pyjwt/pull/1003>`__

aio-libs/aiohttp (aiohttp)

v3.13.4

Compare Source

Features

  • Added max_headers parameter to limit the number of headers that should be read from a response -- by :user:Dreamsorcerer.

    Related issues and pull requests on GitHub:
    :issue:11955.

  • Added a dns_cache_max_size parameter to TCPConnector to limit the size of the cache -- by :user:Dreamsorcerer.

    Related issues and pull requests on GitHub:
    :issue:12106.

Bug fixes

  • Fixed server hanging indefinitely when chunked transfer encoding chunk-size
    does not match actual data length. The server now raises
    TransferEncodingError instead of waiting forever for data that will
    never arrive -- by :user:Fridayai700.

    Related issues and pull requests on GitHub:
    :issue:10596.

  • Fixed access log timestamps ignoring daylight saving time (DST) changes. The
    previous implementation used :py:data:time.timezone which is a constant and
    does not reflect DST transitions -- by :user:nightcityblade.

    Related issues and pull requests on GitHub:
    :issue:11283.

  • Fixed RuntimeError: An event loop is running error when using aiohttp.GunicornWebWorker
    or aiohttp.GunicornUVLoopWebWorker on Python >=3.14.
    -- by :user:Tasssadar.

    Related issues and pull requests on GitHub:
    :issue:11701.

  • Fixed :exc:ValueError when creating a TLS connection with ClientTimeout(total=0) by converting 0 to None before passing to ssl_handshake_timeout in :py:meth:asyncio.loop.start_tls -- by :user:veeceey.

    Related issues and pull requests on GitHub:
    :issue:11859.

  • Restored :py:meth:~aiohttp.BodyPartReader.decode as a synchronous method
    for backward compatibility. The method was inadvertently changed to async
    in 3.13.3 as part of the decompression bomb security fix. A new
    :py:meth:~aiohttp.BodyPartReader.decode_iter method is now available
    for non-blocking decompression of large payloads using an async generator.
    Internal aiohttp code uses the async variant to maintain security protections.

    Changed multipart processing chunk sizes from 64 KiB to 256KiB, to better
    match aiohttp internals
    -- by :user:bdraco and :user:Dreamsorcerer.

    Related issues and pull requests on GitHub:
    :issue:11898.

  • Fixed false-positive :py:class:DeprecationWarning for passing enable_cleanup_closed=True to :py:class:~aiohttp.TCPConnector specifically on Python 3.12.7.
    -- by :user:Robsdedude.

    Related issues and pull requests on GitHub:
    :issue:11972.

  • Fixed _sendfile_fallback over-reading beyond requested count -- by :user:bysiber.

    Related issues and pull requests on GitHub:
    :issue:12096.

  • Fixed digest auth dropping challenge fields with empty string values -- by :user:bysiber.

    Related issues and pull requests on GitHub:
    :issue:12097.

  • ClientConnectorCertificateError.os_error no longer raises :exc:AttributeError
    -- by :user:themylogin.

    Related issues and pull requests on GitHub:
    :issue:12136.

  • Adjusted pure-Python request header value validation to align with RFC 9110 control-character handling, while preserving lax response parser behavior, and added regression tests for Host/header control-character cases.
    -- by :user:rodrigobnogueira.

    Related issues and pull requests on GitHub:
    :issue:12231.

  • Rejected duplicate singleton headers (Host, Content-Type,
    Content-Length, etc.) in the C extension HTTP parser to match
    the pure Python parser behaviour, preventing potential host-based
    access control bypasses via parser differentials
    -- by :user:rodrigobnogueira.

    Related issues and pull requests on GitHub:
    :issue:12240.

  • Aligned the pure-Python HTTP request parser with the C parser by splitting
    comma-separated and repeated Connection header values for keep-alive,
    close, and upgrade handling -- by :user:rodrigobnogueira.

    Related issues and pull requests on GitHub:
    :issue:12249.

Improved documentation

  • Documented :exc:asyncio.TimeoutError for WebSocketResponse.receive()
    and related methods -- by :user:veeceey.

    Related issues and pull requests on GitHub:
    :issue:12042.

Packaging updates and notes for downstreams

  • Upgraded llhttp to 3.9.1 -- by :user:Dreamsorcerer.

    Related issues and pull requests on GitHub:
    :issue:12069.

Contributor-facing changes

  • The benchmark CI job now runs only in the upstream repository -- by :user:Cycloctane.

    It used to always fail in forks, which this change fixed.

    Related issues and pull requests on GitHub:
    :issue:11737.

  • Fixed flaky performance tests by using appropriate fixed thresholds that account for CI variability -- by :user:rodrigobnogueira.

    Related issues and pull requests on GitHub:
    :issue:11992.

Miscellaneous internal changes

  • Fixed test_invalid_idna to work with idna 3.11 by using an invalid character (\u0080) that is rejected by yarl during URL construction -- by :user:rodrigobnogueira.

    Related issues and pull requests on GitHub:
    :issue:12027.

  • Fixed race condition in test_data_file on Python 3.14 free-threaded builds -- by :user:rodrigobnogueira.

    Related issues and pull requests on GitHub:
    :issue:12170.


agronholm/anyio (anyio)

v4.13.0

Compare Source

  • Dropped support for Python 3.9
  • Added a ttl parameter to the anyio.functools.lru_cache wrapper (#​1073; PR by @​Graeme22)
  • Widened the type annotations of file I/O streams to accept IO[bytes] instead of just BinaryIO (#​1078)
  • Fixed anyio.Path not being compatible with Python 3.15 due to the removal of pathlib.Path.is_reserved() and the addition of pathlib.Path.__vfspath__() (#​1061; PR by @​veeceey)
  • Fixed the BrokenResourceError raised by the asyncio SocketStream not having the original exception as its cause (#​1055; PR by @​veeceey)
  • Fixed the TypeError raised when using "func" as a parameter name in pytest.mark.parametrize when using the pytest plugin (#​1068; PR by @​JohnnyDeuss)
  • Fixed the pytest plugin not running tests that had the anyio marker added programmatically via pytest_collection_modifyitems (#​422; PR by @​chbndrhnns)
  • Fixed cancellation exceptions leaking from a CancelScope on asyncio when they are contained in an exception group alongside non-cancellation exceptions (#​1091; PR by @​gschaffner)
  • Fixed Condition.wait() not passing on a notification when the task is cancelled but already received a notification
  • Fixed inverted condition in the process pool shutdown phase which would cause still-running pooled processes not to be terminated (#​1074; PR by @​bysiber)

v4.12.1

Compare Source

  • Changed all functions currently raising the private NoCurrentAsyncBackend exception (since v4.12.0) to instead raise the public NoEventLoopError exception (#​1048)
  • Fixed anyio.functools.lru_cache not working with instance methods (#​1042)

v4.12.0

Compare Source

  • Added support for asyncio's task call graphs on Python 3.14 and later when using AnyIO's task groups (#​1025)
  • Added an asynchronous implementation of the functools module (#​1001)
  • Added support for uvloop=True on Windows via the winloop implementation (#​960; PR by @​Vizonex)
  • Added support for use as a context manager to anyio.lowlevel.RunVar (#​1003)
  • Added __all__ declarations to public submodules (anyio.lowlevel etc.) (#​1009)
  • Added the ability to set the token count of a CapacityLimiter to zero (#​1019; requires Python 3.10 or later when using Trio)
  • Added parameters case_sensitive and recurse_symlinks along with support for path-like objects to anyio.Path.glob() and anyio.Path.rglob() (#​1033; PR by @​northisup)
  • Dropped sniffio as a direct dependency and added the get_available_backends() function (#​1021)
  • Fixed Process.stdin.send() not raising ClosedResourceError and BrokenResourceError on asyncio. Previously, a non-AnyIO exception was raised in such cases (#​671; PR by @​gschaffner)
  • Fixed Process.stdin.send() not checkpointing before writing data on asyncio (#​1002; PR by @​gschaffner)
  • Fixed a race condition where cancelling a Future from BlockingPortal.start_task_soon() would sometimes not cancel the async function (#​1011; PR by @​gschaffner)
  • Fixed the presence of the pytest plugin causing breakage with older versions of pytest (<= 6.1.2) (#​1028; PR by @​saper)
  • Fixed a rarely occurring RuntimeError: Set changed size during iteration while shutting down the process pool when using the asyncio backend (#985)

certifi/python-certifi (certifi)

v2026.2.25

Compare Source

jawah/charset_normalizer (charset-normalizer)

v3.4.6

Compare Source

Changed
  • Flattened the logic in charset_normalizer.md for higher performance. Removed eligible(..) and feed(...)
    in favor of feed_info(...).
  • Raised upper bound for mypy[c] to 1.20, for our optimized version.
  • Updated UNICODE_RANGES_COMBINED using Unicode blocks v17.
Fixed
  • Edge case where noise difference between two candidates can be almost insignificant. (#​672)
  • CLI --normalize writing to wrong path when passing multiple files in. (#​702)
Misc
  • Freethreaded pre-built wheels now shipped in PyPI starting with 3.14t. (#​616)

v3.4.5

Compare Source

Changed
  • Update setuptools constraint to setuptools>=68,<=82.
  • Raised upper bound of mypyc for the optional pre-built extension to v1.19.1
Fixed
  • Add explicit link to lib math in our optimized build. (#​692)
  • Logger level not restored correctly for empty byte sequences. (#​701)
  • TypeError when passing bytearray to from_bytes. (#​703)
Misc
  • Applied safe micro-optimizations in both our noise detector and language detector.
  • Rewrote the query_yes_no function (inside CLI) to avoid using ambiguous licensed code.
  • Added cd.py submodule into mypyc optional compilation to reduce further the performance impact.

fonttools/fonttools (fonttools)

v4.62.1

Compare Source

  • [feaLib] Extend contextual rule merging to all rule types: single subst, GSUB/GPOS named lookups, ignore rules, and chained alternate subst (#​4061).

v4.62.0

Compare Source

  • [diff] Add new fonttools diff command for comparing font files, imported from the fdiff project and heavily reworked (#​1190, #​4007, #​4009, #​4011, #​4013, #​4019).
  • [feaLib] Fix VariableScalar interpolation bug with non-linear avar mappings. Also decouple VariableScalar from compiled fonts, allowing it to work with designspace data before compilation (#​3938, #​4054).
  • [feaLib] Fix VariableScalar axis ordering and iterative delta rounding to match fontc behavior (#​4053).
  • [feaLib] Merge chained multi subst rules with same context into a single subtable instead of emitting one subtable per glyph (#​4016, #​4058).
  • [feaLib] Pass location to ConditionsetStatement to fix glyphsLib round-tripping (fontra/fontra-glyphs#130, #​4057).
  • [feaLib] Write 0xFFFF instead of 0 for missing nameIDs in cv feature params (#​4010, #​4012).
  • [cmap] Fix CmapSubtable.__lt__() TypeError on Python 3 when subtables share the same encoding record, and add compile-time validation for unique encoding records (#​4035, #​4055).
  • [svgLib] Skip non-element XML nodes (comments, processing instructions) when drawing SVG paths (#​4042, #​4043).
  • [glifLib] Fix regression reading glyph outlines when glyphObject=None (#​4030, #​4031).
  • [pointPen] Fix SegmentToPointPen edge case: only remove a duplicate final point on closePath() if it is an on-curve point (#​4014, #​4015).
  • [cffLib] SECURITY Replace eval() with safeEval() in parseBlendList() to prevent arbitrary code execution from crafted TTX files (#​4039, #​4040).
  • [ttLib] Remove defunct Adobe SING Glyphlet tables (META, SING, GMAP, GPKG) (#​4044).
  • [varLib.interpolatable] Various bugfixes: fix swapped nodeTypes assignment, duplicate kink-detector condition, typos, CFF2 vsindex parsing, glyph existence check, and plot helpers (#​4046).
  • [varLib.models] Fix getSubModel not forwarding extrapolate/axisRanges; check location uniqueness after stripping zeros (#​4047).
  • [varLib] Fix --variable-fonts filter in build_many; remove dead code and fix comments (#​4048).
  • [avar] Preserve existing name table in build; keep unbuild return types consistent; validate map CLI coordinates (#​4051).
  • [cu2qu/qu2cu] Add input validation: reject non-positive tolerances, validate curve inputs and list lengths (#​4052).
  • [colorLib] Raise a clear ColorLibError when base glyphs are missing from glyphMap, instead of a confusing KeyError (#​4041).
  • [glyf] Remove unnecessary fvar table dependency (#​4017).
  • [fvar/trak] Remove unnecessary name table dependency (#​4018).
  • [ufoLib] Relax guideline validation to follow the updated spec (#​3537, #​3553).
  • [ttFont] Fix saveXML regression with empty table lists, clarify docstring (#​4025, #​4026, #​4056).
  • [setup.py] Link libm for Cython extensions using math functions (#​4028, #​4029).
  • Add typing annotations for DSIG, DefaultTable, ttProgram (#​4033).

v4.61.1

Compare Source

  • [otlLib] buildCoverage: return empty Coverage instead of None (#​4003, #​4004).
  • [instancer] bug fix in avar2 full instancing (#​4002).
  • [designspaceLib] Preserve empty conditionsets when serializing to XML (#​4001).
  • [fontBuilder] Fix FontBuilder setupOS2() default params globally polluted (#3996, #3997).
  • [ttFont] Add more typing annotations to ttFont, xmlWriter, sfnt, varLib.models and others (#3952, #3826).
  • Explicitly test and declare support for Python 3.14, even though we were already shipping pre-built wheels for it (#3990).

pydantic/jiter (jiter)

v0.13.0

Compare Source

What's Changed

Full Changelog: pydantic/jiter@v0.12.0...v0.13.0

python-jsonschema/jsonschema (jsonschema)

v4.26.0

Compare Source

  • Decrease import time by delaying importing of urllib.request (#1416).

jupyter/jupyter_client (jupyter_client)

v8.8.0

Compare Source

(Full Changelog)

Enhancements made
Maintenance and upkeep improvements
Documentation improvements
Contributors to this release

The following people contributed discussions, new ideas, code and documentation contributions, and review.
See our definition of contributors.

(GitHub contributors page for this release)

@​Carreau (activity) | @​ccordoba12 (activity) | @​fleming79


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate bot added the dependencies label Nov 17, 2025
renovate bot requested a review from EntchenEric as a code owner November 17, 2025 06:05

renovate bot commented Nov 17, 2025

Branch automerge failure

This PR was configured for branch automerge. However, this is not possible, so it has been raised as a PR instead.


  • Branch has one or more failed status checks

renovate bot requested a review from 2000Arion as a code owner November 17, 2025 06:05
renovate bot added the dependencies label Nov 17, 2025
renovate bot changed the title from "chore(deps): Update dependency numpy to v2.3.5" to "chore(deps): Update python-dependencies" Nov 19, 2025
renovate bot force-pushed the renovate/python-dependencies branch 3 times, most recently from 8cb2bf0 to 45d0f92 November 23, 2025 12:57
renovate bot force-pushed the renovate/python-dependencies branch 6 times, most recently from 01baafa to 385d1b2 December 5, 2025 16:58
renovate bot force-pushed the renovate/python-dependencies branch 9 times, most recently from 7e4ab99 to a8640cc December 12, 2025 18:03
renovate bot force-pushed the renovate/python-dependencies branch 2 times, most recently from b16f1c7 to 292445e December 15, 2025 22:46
renovate bot force-pushed the renovate/python-dependencies branch 3 times, most recently from 119de14 to a95737e December 19, 2025 17:27
renovate bot force-pushed the renovate/python-dependencies branch 8 times, most recently from 9d2c559 to 5af9c35 January 11, 2026 01:50
renovate bot force-pushed the renovate/python-dependencies branch 6 times, most recently from dc1bc39 to 6b57d00 January 22, 2026 02:27
renovate bot force-pushed the renovate/python-dependencies branch 10 times, most recently from 4bc01b8 to 0621fdd January 29, 2026 22:01
renovate bot force-pushed the renovate/python-dependencies branch 5 times, most recently from 7355946 to 2a2a5c6 February 2, 2026 14:15