Skip to content

Bump the all-pip-packages group across 1 directory with 7 updates#267

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/all-pip-packages-7789b3f5cd
Open

Bump the all-pip-packages group across 1 directory with 7 updates#267
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/all-pip-packages-7789b3f5cd

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 15, 2026
edited
Loading

Updates the requirements on jinja2, mkdocs-git-revision-date-localized-plugin, mkdocs-material, numpy, pandas, pymdown-extensions and mike to permit the latest version.
Updates jinja2 to 3.1.6

Release notes

Sourced from jinja2's releases.

3.1.6

This is the Jinja 3.1.6 security release, which fixes security issues but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Jinja2/3.1.6/ Changes: https://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6

  • The |attr filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. GHSA-cpwx-vrp4-4pq7
Changelog

Sourced from jinja2's changelog.

Version 3.1.6

Released 2025-03-05

  • The |attr filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. :ghsa:cpwx-vrp4-4pq7

Version 3.1.5

Released 2024-12-21

  • The sandboxed environment handles indirect calls to str.format, such as by passing a stored reference to a filter that calls its argument. :ghsa:q2x7-8rv6-6q7h
  • Escape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. :issue:1792, :ghsa:gmj6-6f8f-6699
  • Sandbox does not allow clear and pop on known mutable sequence types. :issue:2032
  • Calling sync render for an async template uses asyncio.run. :pr:1952
  • Avoid unclosed auto_aiter warnings. :pr:1960
  • Return an aclose-able AsyncGenerator from Template.generate_async. :pr:1960
  • Avoid leaving root_render_func() unclosed in Template.generate_async. :pr:1960
  • Avoid leaving async generators unclosed in blocks, includes and extends. :pr:1960
  • The runtime uses the correct concat function for the current environment when calling block references. :issue:1701
  • Make |unique async-aware, allowing it to be used after another async-aware filter. :issue:1781
  • |int filter handles OverflowError from scientific notation. :issue:1921
  • Make compiling deterministic for tuple unpacking in a {% set ... %} call. :issue:2021
  • Fix dunder protocol (copy/pickle/etc) interaction with Undefined objects. :issue:2025
  • Fix copy/pickle support for the internal missing object. :issue:2027
  • Environment.overlay(enable_async) is applied correctly. :pr:2061
  • The error message from FileSystemLoader includes the paths that were searched. :issue:1661
  • PackageLoader shows a clearer error message when the package does not contain the templates directory. :issue:1705
  • Improve annotations for methods returning copies. :pr:1880
  • urlize does not add mailto: to values like @a@b. :pr:1870

... (truncated)

Commits

Updates mkdocs-git-revision-date-localized-plugin from 1.5.1 to 1.5.2

Release notes

Sourced from mkdocs-git-revision-date-localized-plugin's releases.

v1.5.2

What's Changed

Bug fixes

Dependency updates (security)

Full Changelog: timvink/mkdocs-git-revision-date-localized-plugin@v1.5.1...v1.5.2

Commits
  • 2afa3d2 Bump version to 1.5.2
  • 66e9b7e Document release process in CONTRIBUTING.md
  • 2fb5070 Merge pull request #209 from timvink/dependabot/uv/urllib3-2.7.0
  • d0bacc8 Bump urllib3 from 2.6.3 to 2.7.0
  • ee28ad9 Merge pull request #208 from timvink/dependabot/uv/gitpython-3.1.50
  • befbdab Bump gitpython from 3.1.49 to 3.1.50
  • 5c654ac Merge pull request #206 from timvink/dependabot/uv/pygments-2.20.0
  • 095abdd Merge pull request #207 from timvink/dependabot/uv/gitpython-3.1.49
  • 27bab6c Bump gitpython from 3.1.47 to 3.1.49
  • 301037e Bump pygments from 2.19.2 to 2.20.0
  • Additional commits viewable in compare view

Updates mkdocs-material to 9.7.6

Release notes

Sourced from mkdocs-material's releases.

mkdocs-material-9.7.6

[!WARNING]

Material for MkDocs is in maintenance mode

Going forward, the Material for MkDocs team focuses on Zensical, a next-gen static site generator built from first principles. We will provide critical bug fixes and security updates for Material for MkDocs until November 2026.

Read the full announcement on our blog

Changes

  • Automatically disable MkDocs 2.0 warning for forks of MkDocs
Changelog

Sourced from mkdocs-material's changelog.

mkdocs-material-9.7.6 (2026-03-19)

  • Automatically disable MkDocs 2.0 warning for forks of MkDocs

mkdocs-material-9.7.5 (2026-03-10)

  • Limited version range of mkdocs to <2
  • Updated MkDocs 2.0 incompatibility warning (clarify relation with MkDocs)

mkdocs-material-9.7.4 (2026-03-03)

  • Hardened social cards plugin by switching to sandboxed environment
  • Updated MkDocs 2.0 incompatibility warning

mkdocs-material-9.7.3 (2026-02-24)

  • Fixed #8567: Print MkDocs 2.0 incompatibility warning to stderr

mkdocs-material-9.7.2 (2026-02-18)

  • Opened up version ranges of optional dependencies for forward-compatibility
  • Added warning to 'mkdocs build' about impending MkDocs 2.0 incompatibility

mkdocs-material-9.7.1 (2025-12-18)

  • Updated requests to 2.30+ to mitigate CVE in urllib
  • Fixed privacy plugin not picking up protocol-relative URLs
  • Fixed #8542: false positives and negatives captured in privacy plugin

mkdocs-material-9.7.0 (2025-11-11)

⚠️ Material for MkDocs is now in maintenance mode

This is the last release of Material for MkDocs that will receive new features. Going forward, the Material for MkDocs team focuses on Zensical, a next-gen static site generator built from first principles. We will provide critical bug fixes and security updates for Material for MkDocs for 12 months at least.

Read the full announcement on our blog: https://squidfunk.github.io/mkdocs-material/blog/2025/11/05/zensical/

This release includes all features that were previously exclusive to the Insiders edition. These features are now freely available to everyone.

Note on deprecated plugins: The projects and typeset plugins are included in this release, but must be considered deprecated. Both plugins proved unsustainable to maintain and represent architectural dead ends. They are provided as-is without ongoing support.

Changes:

... (truncated)

Commits
  • 6c52ed6 Prepare 9.7.6 release
  • 51d9b76 Automatically disable MkDocs 2.0 warning for forks of MkDocs
  • 6f9a48b Updated links
  • 00b9933 Prepare 9.7.5 release
  • 37683d1 Updated blog post on MkDocs 2.0
  • 199e315 Updated warning message to clarify relation to MkDocs
  • 1025833 Limited version range of mkdocs to <2
  • 1532f52 Added update log to blog post
  • d0c8b28 Updated dependencies to fix vulnerabilities
  • 71d4869 Updated blog post on MkDocs 2.0
  • Additional commits viewable in compare view

Updates numpy from 2.4.2 to 2.4.4

Release notes

Sourced from numpy's releases.

2.4.4 (Mar 29, 2026)

NumPy 2.4.4 Release Notes

The NumPy 2.4.4 is a patch release that fixes bugs discovered after the 2.4.3 release. It should finally close issue #30816, the OpenBLAS threading problem on ARM.

This release supports Python versions 3.11-3.14

Contributors

A total of 8 people contributed to this release. People with a "+" by their names contributed a patch for the first time.

  • Charles Harris
  • Daniel Haag +
  • Denis Prokopenko +
  • Harshith J +
  • Koki Watanabe
  • Marten van Kerkwijk
  • Matti Picus
  • Nathan Goldbaum

Pull requests merged

A total of 7 pull requests were merged for this release.

  • #30978: MAINT: Prepare 2.4.x for further development
  • #31049: BUG: Add test to reproduce problem described in #30816 (#30818)
  • #31052: BUG: fix FNV-1a 64-bit selection by using NPY_SIZEOF_UINTP (#31035)
  • #31053: BUG: avoid warning on ufunc with where=True and no output
  • #31058: DOC: document caveats of ndarray.resize on 3.14 and newer
  • #31079: TST: fix POWER VSX feature mapping (#30801)
  • #31084: MAINT: numpy.i: Replace deprecated sprintf with snprintf...

2.4.3 (Mar 9, 2026)

NumPy 2.4.3 Release Notes

The NumPy 2.4.3 is a patch release that fixes bugs discovered after the 2.4.2 release. The most user visible fix may be a threading fix for OpenBLAS on ARM, closing issue #30816.

This release supports Python versions 3.11-3.14

Contributors

A total of 11 people contributed to this release. People with a "+" by their names contributed a patch for the first time.

  • Antareep Sarkar +

... (truncated)

Commits
  • be93fe2 Merge pull request #31090 from charris/prepare-2.4.4
  • f5245dc REL: Prepare for the NumPy 2.4.4 release
  • 02e838b Merge pull request #31084 from charris/backport-31056
  • fa74b2d MAINT: numpy.i: Replace deprecated sprintf with snprintf (#31056)
  • 533a6db Merge pull request #31079 from charris/backport-20801
  • 9e496cb TST: fix POWER VSX feature mapping (#30801)
  • 8052c4b Merge pull request #31058 from charris/backport-31021
  • 7f13b5a MAINT: Skip test on PyPy.
  • 4c5fdd6 MAINT: Remove unused import of tracemalloc.
  • a3ca5ed Update numpy/_core/src/multiarray/shape.c
  • Additional commits viewable in compare view

Updates pandas from 3.0.1 to 3.0.3

Release notes

Sourced from pandas's releases.

pandas 3.0.3

We are pleased to announce the release of pandas 3.0.3. This is a patch release in the 3.0.x series and includes some regression fixes and bug fixes. We recommend that all users of the 3.0.x series upgrade to this version.

See the full whatsnew for a list of all the changes.

Pandas 3.0 supports Python 3.11 and higher. The release can be installed from PyPI:

python -m pip install --upgrade pandas==3.0.*

Or from conda-forge

conda install -c conda-forge pandas=3.0

Please report any issues with the release on the pandas issue tracker.

Thanks to all the contributors who made this release possible.

pandas 3.0.2

We are pleased to announce the release of pandas 3.0.2. This is a patch release in the 3.0.x series and includes some regression fixes and bug fixes. We recommend that all users of the 3.0.x series upgrade to this version.

See the full whatsnew for a list of all the changes.

Pandas 3.0 supports Python 3.11 and higher. The release can be installed from PyPI:

python -m pip install --upgrade pandas==3.0.*

Or from conda-forge

conda install -c conda-forge pandas=3.0

Please report any issues with the release on the pandas issue tracker.

Thanks to all the contributors who made this release possible.

Commits
  • 72f2fea RLS: 3.0.3 (#65590)
  • 2897590 Backport PR #65436 on branch 3.0.x (Account for privatization of matplotlib `...
  • 49894b5 Backport PR #65499 on branch 3.0.x (BUG: fix check if pyarrow is installed in...
  • 1c6d1e3 [backport 3.0.x] PERF: remove special casing for zoneinfo in tz_localize_to_u...
  • 2a54711 Backport PR #64379 on branch 3.0.x (PERF: improve performance with ZoneInfo t...
  • 036bb7c Backport PR #65482 on branch 3.0.x (PERF: don't call unique on dtypes for che...
  • bf4c182 Backport PR #65410 on branch 3.0.x (TST: also convert str index to object in ...
  • dd02d75 [backport 3.0.x] BUG: keep fsspec OpenFile alive for chained URL reads (#6547...
  • aef3d0f [backport 3.0.x] CI: lowercase types-pymysql/types-pyyaml to fix mamba 2.6.0 ...
  • bb8e248 Backport PR #65399 on branch 3.0.x (DOC: fix source link for classes in the r...
  • Additional commits viewable in compare view

Updates pymdown-extensions from 10.21 to 10.21.3

Release notes

Sourced from pymdown-extensions's releases.

10.21.3

  • FIX: Fix regression that allows a snippet to be loaded outside of the base path using directory traversal when restrict_base_path is enabled (the default). Found by @​gistrec.

10.21. 2

10.21.2

  • FIX: Highlight: Latest Pygments versions cannot handle a "filename" for code block titles of None.

10.20.1

  • FIX: Quotes: Ensure the first class for callouts (the alert type) is always rendered lowercase.
Commits
  • 4262841 Fix spelling
  • 63b7835 Merge commit from fork
  • 3d18550 Docs: update js deps
  • a4fdd73 Skip tag 10.21.1 has we accidentally already used it
  • 8afb4cd Docs: Update JS deps
  • 7bf5b29 Pygments needs a non-None value for code block title (#2863)
  • 20b11eb Fix some spelling and formatting
  • c9edba3 Docs: strengthen Snippets warning and add security considerations
  • See full diff in compare view

Updates mike to 2.2.0

Release notes

Sourced from mike's releases.

v2.2.0

New features

Bug fixes

  • Use DST timestamps for new commits when DST is in effect
  • Support ISO8601 and RFC 2822 values for GIT_COMMITTER_DATE
Changelog

Sourced from mike's changelog.

v2.2.0 (2026-04-13)

New features

Bug fixes

  • Use DST timestamps for new commits when DST is in effect
  • Support ISO8601 and RFC 2822 values for GIT_COMMITTER_DATE

v2.1.4 (2026-03-07)

Bug fixes

  • Use built-in importlib in Python 3.10 and greater

v2.1.3 (2024-08-12)

Bug fixes

  • When deploying using a deploy prefix, only delete stale versions of the docs within that prefix

v2.1.2 (2024-06-23)

Bug fixes

  • Remove ambiguity of some Git commands so that file and branch names don't collide

v2.1.1 (2024-05-03)

Bug fixes

  • Support using environment variables for INHERIT when injecting the mike plugin into mkdocs.yml

v2.1.0 (2024-05-01)

New features

  • When calling set-default, you can now pass --allow-undefined to set the default to a version that doesn't exist yet
  • Add global-level -q / --quiet option to suppress warning messages

... (truncated)

Commits
  • b01e030 Update version to 2.2.0
  • ca60b84 Fix deprecation warning about split
  • 5b5ed31 Add ProperDocs support; resolves #259
  • 2adb1f1 Improve make_when implementation; resolves #260
  • 7363ce5 Update version to 2.2.0.dev0
  • fd2c5dc Update version to 2.1.4
  • 6bad205 Update copyright year
  • 9e5f876 Remove deprecated license classifier
  • 80c47ab Be more consistent with newlines in CHANGES.md
  • 11d4160 Use built-in importlib in Python 3.10 and greater
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the all-pip-packages group across 1 directory with 7 updates
bdd85d6 
Updates the requirements on [jinja2](https://github.com/pallets/jinja), [mkdocs-git-revision-date-localized-plugin](https://github.com/timvink/mkdocs-git-revision-date-localized-plugin), [mkdocs-material](https://github.com/squidfunk/mkdocs-material), [numpy](https://github.com/numpy/numpy), [pandas](https://github.com/pandas-dev/pandas), [pymdown-extensions](https://github.com/facelessuser/pymdown-extensions) and [mike](https://github.com/jimporter/mike) to permit the latest version.

Updates `jinja2` to 3.1.6
- [Release notes](https://github.com/pallets/jinja/releases)
- [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst)
- [Commits](pallets/jinja@2.11.1...3.1.6)

Updates `mkdocs-git-revision-date-localized-plugin` from 1.5.1 to 1.5.2
- [Release notes](https://github.com/timvink/mkdocs-git-revision-date-localized-plugin/releases)
- [Commits](timvink/mkdocs-git-revision-date-localized-plugin@v1.5.1...v1.5.2)

Updates `mkdocs-material` to 9.7.6
- [Release notes](https://github.com/squidfunk/mkdocs-material/releases)
- [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG)
- [Commits](squidfunk/mkdocs-material@9.7.3...9.7.6)

Updates `numpy` from 2.4.2 to 2.4.4
- [Release notes](https://github.com/numpy/numpy/releases)
- [Changelog](https://github.com/numpy/numpy/blob/main/doc/RELEASE_WALKTHROUGH.rst)
- [Commits](numpy/numpy@v2.4.2...v2.4.4)

Updates `pandas` from 3.0.1 to 3.0.3
- [Release notes](https://github.com/pandas-dev/pandas/releases)
- [Commits](pandas-dev/pandas@v3.0.1...v3.0.3)

Updates `pymdown-extensions` from 10.21 to 10.21.3
- [Release notes](https://github.com/facelessuser/pymdown-extensions/releases)
- [Commits](facelessuser/pymdown-extensions@10.21...10.21.3)

Updates `mike` to 2.2.0
- [Release notes](https://github.com/jimporter/mike/releases)
- [Changelog](https://github.com/jimporter/mike/blob/master/CHANGES.md)
- [Commits](jimporter/mike@v2.0.0...v2.2.0)

---
updated-dependencies:
- dependency-name: jinja2
  dependency-version: 3.1.6
  dependency-type: direct:production
  dependency-group: all-pip-packages
- dependency-name: mkdocs-git-revision-date-localized-plugin
  dependency-version: 1.5.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-pip-packages
- dependency-name: mkdocs-material
  dependency-version: 9.7.6
  dependency-type: direct:production
  dependency-group: all-pip-packages
- dependency-name: numpy
  dependency-version: 2.4.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-pip-packages
- dependency-name: pandas
  dependency-version: 3.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-pip-packages
- dependency-name: pymdown-extensions
  dependency-version: 10.21.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-pip-packages
- dependency-name: mike
  dependency-version: 2.2.0
  dependency-type: direct:production
  dependency-group: all-pip-packages
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels May 15, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants