Skip to content

chore(pip): bump the python group across 1 directory with 4 updates#258

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/python-434b3f3331
Closed

chore(pip): bump the python group across 1 directory with 4 updates#258
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/python-434b3f3331

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 9, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps the python group with 4 updates in the / directory: bazel-runfiles, wcwidth, bmw-lobster and basedpyright.

Updates bazel-runfiles from 1.9.0 to 2.0.2

Release notes

Sourced from bazel-runfiles's releases.

2.0.2

For more detailed setup instructions, see https://rules-python.readthedocs.io/en/latest/getting-started.html

For the user-facing changelog see here

Using Bzlmod

Add to your MODULE.bazel file:

bazel_dep(name = "rules_python", version = "2.0.2")
python = use_extension("@​rules_python//python/extensions:python.bzl", "python")
python.toolchain(
python_version = "3.13",
)
pip = use_extension("@​rules_python//python/extensions:pip.bzl", "pip")
pip.parse(
hub_name = "pypi",
python_version = "3.13",
requirements_lock = "//:requirements_lock.txt",
)
use_repo(pip, "pypi")

Using WORKSPACE

Paste this snippet into your WORKSPACE file:

load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
http_archive(
name = "rules_python",
sha256 = "2119ca04726066c53b8f1ff42dffa090ea7f3e42a75679f1cfda937406cf7753",
strip_prefix = "rules_python-2.0.2",
url = "https://github.com/bazel-contrib/rules_python/releases/download/2.0.2/rules_python-2.0.2.tar.gz",
)
load("@​rules_python//python:repositories.bzl", "py_repositories")
py_repositories()

Gazelle plugin

Paste this snippet into your WORKSPACE file:

... (truncated)

Changelog

Sourced from bazel-runfiles's changelog.

2.0.2 - 2026-05-14

{#v2-0-2-added}

Added

  • (toolchains) 3.13.12, 3.14.3 Python toolchain from 20260325 release.
  • (toolchains) 3.10.20, 3.11.15, 3.12.13, 3.13.13 3.14.4, 3.15.0a8
  • Python toolchain from 20260414 release.

{#v2-0-1}

2.0.1 - 2026-05-08

{#v2-0-1-fixed}

Fixed

  • (pypi) Fix the versions of packages that we are recording to a MODULE.bazel.lock file facts by passing all of the versions to the get_index function. Fixes #3756.
  • (bzlmod) Reduce default verbosity of our loggers for non-root modules (#3749).

{#v2-0-0}

2.0.0 - 2026-04-09

{#v2-0-0-removed}

Removed

  • Nothing removed.

{#v2-0-0-changed}

Changed

Breaking

  • {obj}--windows_enable_symlinks is required. Add startup --windows_enable_symlinks to your .bazelrc to enable Bazel using full symlink support on Windows.
  • venv-based binaries are created by default ({obj}--bootstrap_impl=system_python) on supported platforms (Linux/Mac with Bazel 8+, or Windows).
  • --build_python_zip on Windows is ignored. Use {obj}py_zipapp_binary to create zips of Python programs.
  • (pypi) Previously experimental_index_url users would not need to specify target platforms if cross-building is required. From now we will only pull wheels for the host OS to better align with how the rules work with the legacy

... (truncated)

Commits
  • 6aad882 ci: update RBE toolchain version from ubuntu2204 to ubuntu2404 (#3778)
  • 06bc9f7 feat(toolchains): Add 3.10.20, 3.11.15, 3.12.13, 3.13.{12,13} 3.14.{3,4}, 3.1...
  • e29c577 test: finish fixing the mocks in the pypi_cache
  • ed05762 fix(test): update the lock-file to corresspond to the current deps
  • 2852efd fix(logger): do not output WARN level logs for non-root modules (#3760)
  • d876cfe fix(pypi): pass the correct versions to get_index_urls and fix cache invalida...
  • 1390b36 fix(pypi): don't resolve python interpreter when not necessary (#3727)
  • 91b3224 fix(pypi): build the environment on the fly (#3720)
  • 577bb1f fix(pypi): correctly write the used facts back (#3719)
  • 8c726cb fix(pypi): skip index lookups when all package overrides are specified (#3710)
  • Additional commits viewable in compare view

Updates wcwidth from 0.2.14 to 0.8.1

Release notes

Sourced from wcwidth's releases.

0.8.1: Improved corrections tables

Full Changelog: jquast/wcwidth@0.8.0...0.8.1

0.8.0: new terminal-aware wcstwidth() function

  • New support for Variation Selector 15 Emojis as narrow, #211.
  • New argument, term_program for wcstwidth(), width(), clip(), wrap(), ljust(), rjust(), and center(). False disables corrections; True auto-detects by TERM_PROGRAM or TERM; string values accept canonical names matching list_term_programs(). wcstwidth()_ defaults to True; all other functions default to False.
  • Improved performance on Python 3.15 using standard library iter_graphemes() #206.
  • Improved memory usage and import time for Python 3.15 using lazy imports #221.
  • Bugfix Invisible_Stacker viramas now form conjuncts (Burmese, Khmer, etc.) and change some Virama width calculations to match jacobsandlund/uucode_ (ghostty) #223.
  • Updated graphemes width maximum now 2, matching Ghostty, foot, and Windows Terminal #224.

Full Changelog: jquast/wcwidth@0.7.0...0.8.0

0.7.0

  • New support for kitty text sizing protocol (OSC 66) in width() and clip().
  • New clip() parameter control_codes='parse', 'ignore', and 'strict'. clip() is now able to clip OSC 8 hyperlinks and OSC 66 text sizing sequences.
  • Improved clip() and width() to support horizontal cursor sequences (cub, cuf, hpa). Cursor-left (cub) or backspace (\b) now overwrites text. column_address (hpa) and carriage return (\r) are now parsed, and more values conditionally raise ValueError when control_codes='strict'.

PR's

Full Changelog: jquast/wcwidth@0.6.0...0.7.0

0.6.0

Full Changelog: jquast/wcwidth@0.5.3...0.6.0

0.5.3

Full Changelog: jquast/wcwidth@0.5.2...0.5.3

0.5.2

... (truncated)

Commits
  • d1c99fe hyperlink and wordfix
  • edb344a set to 0.8.1 not 2, not yet
  • 00d6fef Improve corrections tables (zeroer, narrow_wider, narrow_zeroer) (#226)
  • e8405a6 'of of' -> 'of', formatting
  • 1de17df set release date for 0.8.0 in readme
  • 9df7261 more docs
  • be0fdb2 document better
  • 2d9925b wcstwidth(term_program=True) default argument
  • 169c846 Terminal software identity-assisted wcswidth() (#220)
  • e4f76d5 bugfix virama with mc width is capped at 2, also (#225)
  • Additional commits viewable in compare view

Updates bmw-lobster from 1.0.2 to 1.0.3

Release notes

Sourced from bmw-lobster's releases.

Release 1.0.3

  • lobster-html-report:

    • [Bazel]: Added a parameter to specify the source root of the html report. Make sure that links to source files work correctly.

  • lobster-pkg:

    • Introduced API function. Added API function for the tool lobster-pkg which takes PkgToolConfig as input and extracts tracing values from package files. This is similar to running the tool lobster-pkg.

  • lobster-trlc:

    • Updated documentation to explain how to use the version flag (version-field) parameter in conversion rules and how it affects generated versioned tags.

  • lobster-report:

    • Fixed edge-case exception when loading a *.lobster file raised an AssertionError. The error was not propagated to the error output stream, but another exception was created instead.

  • lobster-json:

    • Fixed crash when processing empty JSON files. The tool now exits gracefully with return code 1 and prints a proper error message to stderr: "Input file contains invalid JSON."

  • All tools now automatically create output directories if they don't exist. Previously, tools would crash with an exception if the specified output directory path did not exist. This enhancement improves usability and prevents unexpected failures when working with nested directory structures.

  • lobster-codebeamer:

    • Improved error messages with detailed troubleshooting information:
      • Connection timeout errors now include the URL and suggest increasing timeout parameter
      • Connection errors provide actionable steps like checking internet connection and increasing retries
      • Network errors include clear failure reasons and suggested actions
      • HTTP response errors now include status code and reason
    • Changed default value of verify_ssl to True
    • If the configuration file contains an invalid schema value, an exception is raised. Earlier the fallback "activity" was used.

  • API documentation

    • Created comprehensive API documentation using Sphinx for better user experience across all LOBSTER tools.
    • Added detailed examples and configuration parameters for lobster-codebeamer, lobster-cpptest, lobster-report, lobster-html-report, and lobster-online-report tools.

  • Included Python 3.13 in the CI test matrix.

Changelog

Sourced from bmw-lobster's changelog.

1.0.3

  • lobster-html-report:

    • [Bazel]: Added a parameter to specify the source root of the html report. Make sure that links to source files work correctly.

  • lobster-pkg:

    • Introduced API function. Added API function for the tool lobster-pkg which takes PkgToolConfig as input and extracts tracing values from package files. This is similar to running the tool lobster-pkg.

  • lobster-trlc:

    • Updated documentation to explain how to use the version flag (version-field) parameter in conversion rules and how it affects generated versioned tags.

  • lobster-report:

    • Fixed edge-case exception when loading a *.lobster file raised an AssertionError. The error was not propagated to the error output stream, but another exception was created instead.

  • lobster-json:

    • Fixed crash when processing empty JSON files. The tool now exits gracefully with return code 1 and prints a proper error message to stderr: "Input file contains invalid JSON."

  • All tools now automatically create output directories if they don't exist. Previously, tools would crash with an exception if the specified output directory path did not exist. This enhancement improves usability and prevents unexpected failures when working with nested directory structures.

  • lobster-codebeamer:

    • Improved error messages with detailed troubleshooting information:
      • Connection timeout errors now include the URL and suggest increasing timeout parameter
      • Connection errors provide actionable steps like checking internet connection and increasing retries
      • Network errors include clear failure reasons and suggested actions
      • HTTP response errors now include status code and reason
    • Changed default value of verify_ssl to True
    • If the configuration file contains an invalid schema value, an exception is raised. Earlier the fallback "activity" was used.

  • API documentation

    • Created comprehensive API documentation using Sphinx for better user experience across all LOBSTER tools.
    • Added detailed examples and configuration parameters for lobster-codebeamer, lobster-cpptest, lobster-report, lobster-html-report, and lobster-online-report tools.

  • Included Python 3.13 in the CI test matrix.

Commits

Updates basedpyright from 1.35.0 to 1.39.7

Commits
  • c9a757d 1.39.7
  • d253d82 avoid duplicated capability registrations
  • 19c3545 fix empty semantic tokens response interfering with other language servers wh...
  • b018192 update baseline file
  • 15ee8f1 revert upstream's ai generated bash clusterfuck of an attempt at fixing the p...
  • daec470 try using pyprojectx to install primer instead of uv
  • f9650c5 update mypy_primer repo
  • 48fe1c8 don't recurse submodules when cloning repos in the primer, it screws up becau...
  • af9a1fd fix completely useless CalledProcesError messages
  • 3b5becb update this project's basedpyright/ruff config for the mypy_primer repo
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Jun 9, 2026
@dependabot dependabot Bot requested a review from castler as a code owner June 9, 2026 04:36
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Jun 9, 2026
@dependabot dependabot Bot requested a review from hoe-jo as a code owner June 9, 2026 04:36
@dependabot dependabot Bot added the python Pull requests that update python code label Jun 9, 2026
@dependabot dependabot Bot requested review from LittleHuba, limdor and ramceb as code owners June 9, 2026 04:36
@dependabot dependabot Bot force-pushed the dependabot/pip/python-434b3f3331 branch 2 times, most recently from fa6e02a to 1080f85 Compare June 9, 2026 05:20
@dependabot
chore(pip): bump the python group across 1 directory with 4 updates
7a2a291 
Bumps the python group with 4 updates in the / directory: [bazel-runfiles](https://github.com/bazel-contrib/rules_python), [wcwidth](https://github.com/jquast/wcwidth), [bmw-lobster](https://github.com/bmw-software-engineering/lobster) and [basedpyright](https://github.com/detachhead/basedpyright).


Updates `bazel-runfiles` from 1.9.0 to 2.0.2
- [Release notes](https://github.com/bazel-contrib/rules_python/releases)
- [Changelog](https://github.com/bazel-contrib/rules_python/blob/main/CHANGELOG.md)
- [Commits](bazel-contrib/rules_python@1.9.0...2.0.2)

Updates `wcwidth` from 0.2.14 to 0.8.1
- [Release notes](https://github.com/jquast/wcwidth/releases)
- [Commits](jquast/wcwidth@0.2.14...0.8.1)

Updates `bmw-lobster` from 1.0.2 to 1.0.3
- [Release notes](https://github.com/bmw-software-engineering/lobster/releases)
- [Changelog](https://github.com/bmw-software-engineering/lobster/blob/main/CHANGELOG.md)
- [Commits](bmw-software-engineering/lobster@lobster-1.0.2...lobster-1.0.3)

Updates `basedpyright` from 1.35.0 to 1.39.7
- [Release notes](https://github.com/detachhead/basedpyright/releases)
- [Commits](DetachHead/basedpyright@v1.35.0...v1.39.7)

---
updated-dependencies:
- dependency-name: basedpyright
  dependency-version: 1.39.7
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python
- dependency-name: bazel-runfiles
  dependency-version: 2.0.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: python
- dependency-name: bmw-lobster
  dependency-version: 1.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python
- dependency-name: wcwidth
  dependency-version: 0.8.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/pip/python-434b3f3331 branch from 1080f85 to 7a2a291 Compare June 9, 2026 05:42
@hoe-jo

hoe-jo commented Jun 9, 2026

Copy link
Copy Markdown
Contributor

No hint for a security update in the changelog, does not need merging

@hoe-jo hoe-jo closed this Jun 9, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jun 9, 2026

Copy link
Copy Markdown
Contributor Author

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@hoe-jo hoe-jo deleted the dependabot/pip/python-434b3f3331 branch June 9, 2026 10:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@castler castler Awaiting requested review from castler castler is a code owner

@hoe-jo hoe-jo Awaiting requested review from hoe-jo hoe-jo is a code owner

@LittleHuba LittleHuba Awaiting requested review from LittleHuba LittleHuba is a code owner

@limdor limdor Awaiting requested review from limdor limdor is a code owner

@ramceb ramceb Awaiting requested review from ramceb ramceb is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

INF - Infrastructure Community
Archived in project

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@hoe-jo