Skip to content

Bump the all-pip-packages group across 1 directory with 8 updates#871

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/all-pip-packages-f21dd97c94
Open

Bump the all-pip-packages group across 1 directory with 8 updates#871
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/all-pip-packages-f21dd97c94

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 22, 2026

Copy link
Copy Markdown
Contributor

Updates the requirements on jinja2, mkdocs-git-revision-date-localized-plugin, numpy, pandas, playwright, pymdown-extensions, pytest and pytest-playwright to permit the latest version.
Updates jinja2 to 3.1.6

Release notes

Sourced from jinja2's releases.

3.1.6

This is the Jinja 3.1.6 security release, which fixes security issues but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Jinja2/3.1.6/ Changes: https://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6

  • The |attr filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. GHSA-cpwx-vrp4-4pq7
Changelog

Sourced from jinja2's changelog.

Version 3.1.6

Released 2025-03-05

  • The |attr filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. :ghsa:cpwx-vrp4-4pq7

Version 3.1.5

Released 2024-12-21

  • The sandboxed environment handles indirect calls to str.format, such as by passing a stored reference to a filter that calls its argument. :ghsa:q2x7-8rv6-6q7h
  • Escape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. :issue:1792, :ghsa:gmj6-6f8f-6699
  • Sandbox does not allow clear and pop on known mutable sequence types. :issue:2032
  • Calling sync render for an async template uses asyncio.run. :pr:1952
  • Avoid unclosed auto_aiter warnings. :pr:1960
  • Return an aclose-able AsyncGenerator from Template.generate_async. :pr:1960
  • Avoid leaving root_render_func() unclosed in Template.generate_async. :pr:1960
  • Avoid leaving async generators unclosed in blocks, includes and extends. :pr:1960
  • The runtime uses the correct concat function for the current environment when calling block references. :issue:1701
  • Make |unique async-aware, allowing it to be used after another async-aware filter. :issue:1781
  • |int filter handles OverflowError from scientific notation. :issue:1921
  • Make compiling deterministic for tuple unpacking in a {% set ... %} call. :issue:2021
  • Fix dunder protocol (copy/pickle/etc) interaction with Undefined objects. :issue:2025
  • Fix copy/pickle support for the internal missing object. :issue:2027
  • Environment.overlay(enable_async) is applied correctly. :pr:2061
  • The error message from FileSystemLoader includes the paths that were searched. :issue:1661
  • PackageLoader shows a clearer error message when the package does not contain the templates directory. :issue:1705
  • Improve annotations for methods returning copies. :pr:1880
  • urlize does not add mailto: to values like @a@b. :pr:1870

... (truncated)

Commits

Updates mkdocs-git-revision-date-localized-plugin from 1.5.1 to 1.5.3

Release notes

Sourced from mkdocs-git-revision-date-localized-plugin's releases.

v1.5.3

What's Changed

New Contributors

Full Changelog: timvink/mkdocs-git-revision-date-localized-plugin@v1.5.2...v1.5.3

v1.5.2

What's Changed

Bug fixes

Dependency updates (security)

Full Changelog: timvink/mkdocs-git-revision-date-localized-plugin@v1.5.1...v1.5.2

Commits
  • 30e5876 Bump version to 1.5.3
  • d58c5be Merge pull request #211 from mitya57/fix-manifest
  • 6da0b4e Fix paths in MANIFEST.in
  • aa0d4a3 Constrain mkdocs to <2
  • 2afa3d2 Bump version to 1.5.2
  • 66e9b7e Document release process in CONTRIBUTING.md
  • 2fb5070 Merge pull request #209 from timvink/dependabot/uv/urllib3-2.7.0
  • d0bacc8 Bump urllib3 from 2.6.3 to 2.7.0
  • ee28ad9 Merge pull request #208 from timvink/dependabot/uv/gitpython-3.1.50
  • befbdab Bump gitpython from 3.1.49 to 3.1.50
  • Additional commits viewable in compare view

Updates numpy from 2.4.3 to 2.4.6

Release notes

Sourced from numpy's releases.

v2.4.6 (May 18, 2026)

NumPy 2.4.6 Release Notes

NumPy 2.4.6 is a quick release that fixes a regression discovered in the 2.4.5 release.

This release supports Python versions 3.11-3.14

Contributors

A total of 4 people contributed to this release. People with a "+" by their names contributed a patch for the first time.

  • !EarlMilktea
  • Charles Harris
  • Sebastian Berg
  • Warren Weckesser

Pull requests merged

A total of 4 pull requests were merged for this release.

  • #31444: MAINT: Prepare 2.4.x for further development
  • #31453: BUG: Fix regression in arr.conj()
  • #31459: BUG: np.linalg.svd(..., hermitian=True) returns non-unitary...
  • #31460: BUG: Don't call INCREF/DECREF on descr in NpyStringAcquireAllocator...

v2.4.5 (May 15, 2026)

NumPy 2.4.5 Release Notes

NumPy 2.4.5 is a patch release that fixes bugs discovered after the 2.4.4 release, has some typing improvements, and maintains infrastructure.

This release supports Python versions 3.11-3.14

Contributors

A total of 17 people contributed to this release. People with a "+" by their names contributed a patch for the first time.

  • Aleksei Nikiforov
  • Anarion Zuo +
  • Ankit Ahlawat
  • Breno Favaretto +
  • Charles Harris
  • Igor Krivenko +
  • Ijtihed Kilani +
  • Joren Hammudoglu
  • Maarten Baert +

... (truncated)

Commits
  • b832a09 Merge pull request #31462 from charris/prepare-2.4.6
  • 57cc147 REL: Prepare for the NumPy 2.4.6 release
  • 0c72b0b Merge pull request #31459 from charris/backport-31347
  • 9778d26 BUG: core: Don't call INCREF/DECREF on descr in NpyStringAcquireAllocator. (#...
  • e0e3876 BUG: core: Don't call INCREF/DECREF on descr in NpyStringAcquireAllocator. (#...
  • d1bffeb BUG: np.linalg.svd(..., hermitian=True) returns non-unitary vh (#31347)
  • 8d8d7e5 Merge pull request #31453 from seberg/issue-31452
  • bddaab7 BUG: Fix regression in arr.conj()
  • 37a1ecc Merge pull request #31444 from charris/begin-2.4.6
  • 3c0e043 MAINT: Prepare 2.4.x for further development
  • Additional commits viewable in compare view

Updates pandas from 3.0.1 to 3.0.3

Release notes

Sourced from pandas's releases.

pandas 3.0.3

We are pleased to announce the release of pandas 3.0.3. This is a patch release in the 3.0.x series and includes some regression fixes and bug fixes. We recommend that all users of the 3.0.x series upgrade to this version.

See the full whatsnew for a list of all the changes.

Pandas 3.0 supports Python 3.11 and higher. The release can be installed from PyPI:

python -m pip install --upgrade pandas==3.0.*

Or from conda-forge

conda install -c conda-forge pandas=3.0

Please report any issues with the release on the pandas issue tracker.

Thanks to all the contributors who made this release possible.

pandas 3.0.2

We are pleased to announce the release of pandas 3.0.2. This is a patch release in the 3.0.x series and includes some regression fixes and bug fixes. We recommend that all users of the 3.0.x series upgrade to this version.

See the full whatsnew for a list of all the changes.

Pandas 3.0 supports Python 3.11 and higher. The release can be installed from PyPI:

python -m pip install --upgrade pandas==3.0.*

Or from conda-forge

conda install -c conda-forge pandas=3.0

Please report any issues with the release on the pandas issue tracker.

Thanks to all the contributors who made this release possible.

Commits
  • 72f2fea RLS: 3.0.3 (#65590)
  • 2897590 Backport PR #65436 on branch 3.0.x (Account for privatization of matplotlib `...
  • 49894b5 Backport PR #65499 on branch 3.0.x (BUG: fix check if pyarrow is installed in...
  • 1c6d1e3 [backport 3.0.x] PERF: remove special casing for zoneinfo in tz_localize_to_u...
  • 2a54711 Backport PR #64379 on branch 3.0.x (PERF: improve performance with ZoneInfo t...
  • 036bb7c Backport PR #65482 on branch 3.0.x (PERF: don't call unique on dtypes for che...
  • bf4c182 Backport PR #65410 on branch 3.0.x (TST: also convert str index to object in ...
  • dd02d75 [backport 3.0.x] BUG: keep fsspec OpenFile alive for chained URL reads (#6547...
  • aef3d0f [backport 3.0.x] CI: lowercase types-pymysql/types-pyyaml to fix mamba 2.6.0 ...
  • bb8e248 Backport PR #65399 on branch 3.0.x (DOC: fix source link for classes in the r...
  • Additional commits viewable in compare view

Updates playwright from 1.58.0 to 1.60.0

Release notes

Sourced from playwright's releases.

v1.60.0

🐍 Python improvements

🌐 HAR recording on Tracing

tracing.start_har() / tracing.stop_har() expose HAR recording as a first-class tracing API, with the same content, mode and url_filter options as record_har:

context.tracing.start_har("trace.har")
page = context.new_page()
page.goto("https://playwright.dev")
context.tracing.stop_har()

🪝 Drop API

New locator.drop() simulates an external drag-and-drop of files or clipboard-like data onto an element. Playwright dispatches dragenter, dragover, and drop with a synthetic DataTransfer in the page context — works cross-browser and is great for testing upload zones:

page.locator("#dropzone").drop(
    files={"name": "note.txt", "mime_type": "text/plain", "buffer": b"hello"},
)
page.locator("#dropzone").drop(
data={
"text/plain": "hello world",
"text/uri-list": "https://example.com",
},
)

🎯 Aria snapshots

New APIs

Browser, Context and Page

Locators and Assertions

... (truncated)

Commits
  • 93f3201 chore: roll driver to 1.60.0 (#3079)
  • 0ebdf2d feat(assertions): add expect.soft() for collecting multiple failures (#3065)
  • 18810d8 feat: add FormData class for form and multipart requests (#3060)
  • b846cee chore: roll to 1.60.0-beta-1778142790000 (#3069)
  • 873c5c7 fix(setup): update auditwheel to 6.4.0 for InWheel tempdir fix (#3063)
  • 9df9fac feat: accept datetime.timedelta for timeout parameters (#3059)
  • 856ae37 devops: Update EsrpRelease (#3064)
  • 161bd3d build(deps): bump flake8 from 7.2.0 to 7.3.0 (#2896)
  • ac9bf29 build(deps): bump types-requests from 2.32.4.20250809 to 2.32.4.20260107 (#2975)
  • deb2df8 build(deps): bump pytest-cov from 6.3.0 to 7.1.0 (#2976)
  • Additional commits viewable in compare view

Updates pymdown-extensions from 10.21 to 10.21.3

Release notes

Sourced from pymdown-extensions's releases.

10.21.3

  • FIX: Fix regression that allows a snippet to be loaded outside of the base path using directory traversal when restrict_base_path is enabled (the default). Found by @​gistrec.

10.21. 2

10.21.2

  • FIX: Highlight: Latest Pygments versions cannot handle a "filename" for code block titles of None.

10.20.1

  • FIX: Quotes: Ensure the first class for callouts (the alert type) is always rendered lowercase.
Commits
  • 4262841 Fix spelling
  • 63b7835 Merge commit from fork
  • 3d18550 Docs: update js deps
  • a4fdd73 Skip tag 10.21.1 has we accidentally already used it
  • 8afb4cd Docs: Update JS deps
  • 7bf5b29 Pygments needs a non-None value for code block title (#2863)
  • 20b11eb Fix some spelling and formatting
  • c9edba3 Docs: strengthen Snippets warning and add security considerations
  • See full diff in compare view

Updates pytest from 9.0.2 to 9.1.0

Release notes

Sourced from pytest's releases.

9.1.0

pytest 9.1.0 (2026-06-13)

Removals and backward incompatible breaking changes

  • #14533: When using --doctest-modules, autouse fixtures with module, package or session scope that are defined inline in Python test modules (not plugins or conftests) will now possibly execute twice.

    If this is undesirable, move the fixture definition to a conftest.py file if possible.

    Technical explanation for those interested: When using --doctest-modules, pytest possibly collects Python modules twice, once as pytest.Module and once as a DoctestModule (depending on the configuration). Due to improvements in pytest's fixture implementation, if e.g. the DoctestModule collects a fixture, it is now visible to it only, and not to the Module. This means that both need to register the fixtures independently.

Deprecations (removal in next major release)

  • #10819: Added a deprecation warning for class-scoped fixtures defined as instance methods (without @classmethod). Such fixtures set attributes on a different instance than the test methods use, leading to unexpected behavior. Use @classmethod decorator instead -- by yastcher.

    See 10819 and 14011.

  • #12882: Calling request.getfixturevalue() <pytest.FixtureRequest.getfixturevalue> during teardown to request a fixture that was not already requested is now deprecated and will become an error in pytest 10.

    See dynamic-fixture-request-during-teardown for details.

  • #13409: Using non-~collections.abc.Collection iterables (such as generators, iterators, or custom iterable objects) for the argvalues parameter in @pytest.mark.parametrize <pytest.mark.parametrize ref> and metafunc.parametrize <pytest.Metafunc.parametrize> is now deprecated.

    These iterables get exhausted after the first iteration, leading to tests getting unexpectedly skipped in cases such as running pytest.main() multiple times, using class-level parametrize decorators, or collecting tests multiple times.

    See parametrize-iterators for details and suggestions.

  • #13946: The private config.inicfg attribute is now deprecated. Use config.getini() <pytest.Config.getini> to access configuration values instead.

    See config-inicfg for more details.

  • #14004: Passing baseid to ~pytest.FixtureDef or nodeid strings to fixture registration APIs is now deprecated. These are internal pytest APIs that are used by some plugins.

    Use the node parameter instead for fixture scoping. This enables more robust node-based matching instead of string prefix matching. If you've used nodeid=None, pass node=session instead.

    This will be removed in pytest 10.

  • #14335: The method of configuring hooks using markers, deprecated since pytest 7.2, is now scheduled to be removed in pytest 10. See hook-markers for more details.

  • #14434: The --pastebin option is now deprecated.

... (truncated)

Commits
  • b2522cf Prepare release version 9.1.0
  • 368d2fc [refactor] Tighten SetComparisonFunction to Iterator[str] (#14587)
  • ff77cd8 [refactor] Make base assertion comparisons return an iterator instead of a li...
  • 0d8491a build(deps): Bump actions/stale from 10.2.0 to 10.3.0
  • 4a809d9 Merge pull request #14568 from pytest-dev/register-fixture
  • 5dfa385 Fix recursion traceback test to cover all styles (#14582)
  • f52ff0c Add pytest.register_fixture
  • a8ac094 Merge pull request #14567 from pytest-dev/more-visibility-deprecate
  • e5620cd [pre-commit.ci] pre-commit autoupdate (#14577)
  • 2ce9c6d Merge pull request #14540 from minbang930/fix-14533-doctest-module-fixtures
  • Additional commits viewable in compare view

Updates pytest-playwright from 0.7.2 to 0.8.0

Release notes

Sourced from pytest-playwright's releases.

v0.8.0

Adds support for expect.soft() soft assertions.

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels May 22, 2026
@dependabot dependabot Bot force-pushed the dependabot/pip/all-pip-packages-f21dd97c94 branch from 0410761 to a5f9d96 Compare June 12, 2026 08:04
Updates the requirements on [jinja2](https://github.com/pallets/jinja), [mkdocs-git-revision-date-localized-plugin](https://github.com/timvink/mkdocs-git-revision-date-localized-plugin), [numpy](https://github.com/numpy/numpy), [pandas](https://github.com/pandas-dev/pandas), [playwright](https://github.com/microsoft/playwright-python), [pymdown-extensions](https://github.com/facelessuser/pymdown-extensions), [pytest](https://github.com/pytest-dev/pytest) and [pytest-playwright](https://github.com/microsoft/playwright-pytest) to permit the latest version.

Updates `jinja2` to 3.1.6
- [Release notes](https://github.com/pallets/jinja/releases)
- [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst)
- [Commits](pallets/jinja@2.11.1...3.1.6)

Updates `mkdocs-git-revision-date-localized-plugin` from 1.5.1 to 1.5.3
- [Release notes](https://github.com/timvink/mkdocs-git-revision-date-localized-plugin/releases)
- [Commits](timvink/mkdocs-git-revision-date-localized-plugin@v1.5.1...v1.5.3)

Updates `numpy` from 2.4.3 to 2.4.6
- [Release notes](https://github.com/numpy/numpy/releases)
- [Changelog](https://github.com/numpy/numpy/blob/main/doc/RELEASE_WALKTHROUGH.rst)
- [Commits](numpy/numpy@v2.4.3...v2.4.6)

Updates `pandas` from 3.0.1 to 3.0.3
- [Release notes](https://github.com/pandas-dev/pandas/releases)
- [Commits](pandas-dev/pandas@v3.0.1...v3.0.3)

Updates `playwright` from 1.58.0 to 1.60.0
- [Release notes](https://github.com/microsoft/playwright-python/releases)
- [Commits](microsoft/playwright-python@v1.58.0...v1.60.0)

Updates `pymdown-extensions` from 10.21 to 10.21.3
- [Release notes](https://github.com/facelessuser/pymdown-extensions/releases)
- [Commits](facelessuser/pymdown-extensions@10.21...10.21.3)

Updates `pytest` from 9.0.2 to 9.1.0
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](pytest-dev/pytest@9.0.2...9.1.0)

Updates `pytest-playwright` from 0.7.2 to 0.8.0
- [Release notes](https://github.com/microsoft/playwright-pytest/releases)
- [Commits](microsoft/playwright-pytest@v0.7.2...v0.8.0)

---
updated-dependencies:
- dependency-name: jinja2
  dependency-version: 3.1.6
  dependency-type: direct:production
  dependency-group: all-pip-packages
- dependency-name: mkdocs-git-revision-date-localized-plugin
  dependency-version: 1.5.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-pip-packages
- dependency-name: numpy
  dependency-version: 2.4.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-pip-packages
- dependency-name: pandas
  dependency-version: 3.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-pip-packages
- dependency-name: playwright
  dependency-version: 1.60.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-pip-packages
- dependency-name: pymdown-extensions
  dependency-version: 10.21.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-pip-packages
- dependency-name: pytest
  dependency-version: 9.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-pip-packages
- dependency-name: pytest-playwright
  dependency-version: 0.8.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-pip-packages
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/pip/all-pip-packages-f21dd97c94 branch from a5f9d96 to e1dd3b8 Compare June 17, 2026 09:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants