Bump the production-dependencies group across 1 directory with 4 updates by dependabot[bot] · Pull Request #1965 · opensafely/documentation

dependabot · 2026-04-20T07:15:47Z

Bumps the production-dependencies group with 4 updates in the / directory: charset-normalizer, build, python-discovery and virtualenv.

Updates charset-normalizer from 3.4.6 to 3.4.7

Release notes

Sourced from charset-normalizer's releases.

Version 3.4.7

3.4.7 (2026-04-02)

Changed

Pre-built optimized version using mypy[c] v1.20.

Relax setuptools constraint to setuptools>=68,<82.1.

Fixed

Correctly remove SIG remnant in utf-7 decoded string. (#718) (#716)

Changelog

Sourced from charset-normalizer's changelog.

3.4.7 (2026-04-02)

Changed

Pre-built optimized version using mypy[c] v1.20.

Relax setuptools constraint to setuptools>=68,<82.1.

Fixed

Correctly remove SIG remnant in utf-7 decoded string. (#718) (#716)

Commits

0f07891 Merge pull request #729 from jawah/release-3.4.7
fdbeb29 chore: update dev, and ci requirements
b66f922 chore: add ft classifier
f94249d chore: add test cases for utf_7 recent fix
95c866f chore: bump version to 3.4.7
4f429bb chore: bump mypy pre-commit to v1.20
b579cd6 fix: correctly remove SIG remnant in utf-7 decoded string
58bf944 ⬆️ Bump github/codeql-action from 4.32.4 to 4.35.1 (#728)
44cf8a1 ⬆️ Bump actions/download-artifact from 8.0.0 to 8.0.1 (#726)
362bc20 ⬆️ Bump docker/setup-qemu-action from 3.7.0 to 4.0.0 (#725)
Additional commits viewable in compare view

Updates build from 1.4.2 to 1.4.3

Release notes

Sourced from build's releases.

1.4.3

What's Changed

🐛 fix(api): resolve thread-safety races in build API by @gaborbernat in pypa/build#1015

🐛 fix(builder): validate backend-path entries exist on disk by @gaborbernat in pypa/build#1016

test: cover config settings build paths by @terminalchai in pypa/build#992

Add kind=(step, ) for root messages with * by @abitrolly in pypa/build#973

fix: correct changelog category ordering by @gaborbernat in pypa/build#1017

🐛 fix(cli): show full dependency chain in missing deps error by @gaborbernat in pypa/build#1019

tests: fully annotate by @henryiii in pypa/build#1020

chore: lazy imports by @henryiii in pypa/build#1021

chore: adding more ruff codes by @henryiii in pypa/build#1022

tests: improve annotations by @henryiii in pypa/build#1023

🧪 test(coverage): achieve 100% test coverage by @gaborbernat in pypa/build#1018

chore: add ruff PT by @henryiii in pypa/build#1025

chore: add ruff PYI by @henryiii in pypa/build#1026

chore: add ruff SIM/RET by @henryiii in pypa/build#1028

🐛 fix(env): strip PYTHONPATH from isolated builds by @gaborbernat in pypa/build#1024

chore: use ruff ALL by @henryiii in pypa/build#1029

🐛 fix(env): prevent pip credential hang with private indexes by @gaborbernat in pypa/build#1030

🐛 fix(check_dependency): verify URL reqs via PEP 610 by @gaborbernat in pypa/build#1027

New Contributors

@terminalchai made their first contribution in pypa/build#992

Full Changelog: pypa/build@1.4.2...1.4.3

Changelog

Sourced from build's changelog.

#################### 1.4.3 (2026-04-10) ####################

Features

Add kind parameter to log messages to separate semantic and representation - by :user:abitrolly (:issue:973)

Bugfixes

Strip PYTHONPATH from the environment during isolated builds to prevent host packages from leaking into the build

by :user:gaborbernat (:issue:405)

Pass --no-input to pip to prevent hidden credential prompts that cause hangs, and automatically set PIP_KEYRING_PROVIDER=subprocess (or UV_KEYRING_PROVIDER=subprocess for the uv installer) when the keyring CLI is on PATH -- by :user:gaborbernat (:issue:409)

check_dependency now reports URL requirements as unmet instead of silently accepting them when a package with the same name is installed - by :user:gaborbernat (:issue:860)

Fix misleading missing dependency error display where transitive dependency chains showed the top-level package on a separate line, making it appear as if the top-level package itself was missing - by :user:gaborbernat (:issue:875)

Fix towncrier template to generate changelog categories in definition order - by :user:gaborbernat (:issue:1007)

Resolve thread-safety races in the build API - by :user:gaborbernat (:issue:1015)

Validate backend-path entries exist on disk with a clear error - by :user:gaborbernat (:issue:1016)

Miscellaneous

:issue:1020, :issue:1021

#################### 1.4.2 (2026-03-25) ####################

Bugfixes

Ensure the uv installer uses the current version of Python, avoiding an issue if UV_PYTHON is set, for example. (:issue:977)

Fix _has_valid_outer_pip returning True when pip is missing, causing build to try using a non-existent pip instead of falling back to virtualenv. (:issue:1003)

#################### 1.4.1 (2026-03-24) ####################

... (truncated)

Commits

130b043 chore: prepare for 1.4.3
7642efe 🐛 fix(check_dependency): verify URL reqs via PEP 610 (#1027)
d407530 🐛 fix(env): prevent pip credential hang with private indexes (#1030)
b3dc114 chore: use ruff ALL (#1029)
27b67b2 🐛 fix(env): strip PYTHONPATH from isolated builds (#1024)
c1454fd chore: add ruff SIM/RET (#1028)
0b1ca1c chore: add ruff PYI (#1026)
f1dfe82 chore: add ruff PT (#1025)
4348292 🧪 test(coverage): achieve 100% test coverage (#1018)
5d3390b tests: improve annotations (#1023)
Additional commits viewable in compare view

Updates python-discovery from 1.2.1 to 1.2.2

Release notes

Sourced from python-discovery's releases.

1.2.2

What's Changed

export normalize_isa and deprecate KNOWN_ARCHITECTURES by @rahuldevikar in tox-dev/python-discovery#62

Full Changelog: tox-dev/python-discovery@1.2.1...1.2.2

Commits

50d8354 [pre-commit.ci] pre-commit autoupdate (#61)
52d36ef export normalize_isa and deprecate KNOWN_ARCHITECTURES (#62)
993fced build(deps): bump astral-sh/setup-uv from 7.6.0 to 8.0.0 (#60)
b7ab5b7 [pre-commit.ci] pre-commit autoupdate (#58)
See full diff in compare view

Updates virtualenv from 21.2.0 to 21.2.1

Release notes

Sourced from virtualenv's releases.

21.2.1

What's Changed

Upgrade embedded pip/setuptools/wheel by @github-actions[bot] in pypa/virtualenv#3093

Enhance upgrade workflow: age check, dedup, issue tracking by @rahuldevikar in pypa/virtualenv#3094

🐛 fix(create): use commonpath for correct path validation by @gaborbernat in pypa/virtualenv#3097

🔒 ci(workflows): add zizmor security auditing by @gaborbernat in pypa/virtualenv#3099

Add current and previous maintainers by @rahuldevikar in pypa/virtualenv#3101

🔧 fix(ci): restore git credentials for release and upgrade jobs by @gaborbernat in pypa/virtualenv#3102

Fix broken Installation link in README by @Bahtya in pypa/virtualenv#3106

fix: use terminal width for help formatting instead of hardcoded 240 by @Bahtya in pypa/virtualenv#3110

🐛 fix(nushell): surface actionable hint in deactivate error output by @gaborbernat in pypa/virtualenv#3112

👷 ci: fix setup-uv warnings and drop brew@3.9 by @gaborbernat in pypa/virtualenv#3113

fix(ci): fix pre-release push and release note generation by @gaborbernat in pypa/virtualenv#3114

fix(ci): check out repo in publish job for gh release notes by @gaborbernat in pypa/virtualenv#3115

New Contributors

@github-actions[bot] made their first contribution in pypa/virtualenv#3093

@Bahtya made their first contribution in pypa/virtualenv#3106

Full Changelog: pypa/virtualenv@21.2.0...21.2.1

Changelog

Sourced from virtualenv's changelog.

Bugfixes - 21.2.1

Upgrade embedded wheels:

setuptools to 82.0.1 from 82.0.0 (:issue:3093)

Use terminal width for help formatting instead of hardcoded 240. (:issue:3110)

v21.2.0 (2026-03-09)

Commits

d1fc6e6 Release 21.2.1
4136b51 fix(ci): check out repo in publish job for gh release notes (#3115)
d1decea fix(ci): persist git credentials in pre-release workflow (#3114)
48e2110 👷 ci: fix setup-uv warnings and drop brew@3.9 (#3113)
d00c465 🐛 fix(nushell): surface actionable hint in deactivate error output (#3112)
0a8c46a chore(deps): bump pypa/gh-action-pypi-publish from 1.13.0 to 1.14.0 (#3111)
f0bbe17 fix: use terminal width for help formatting instead of hardcoded 240 (#3110)
dfaa738 [pre-commit.ci] pre-commit autoupdate (#3109)
cc658da chore(deps): bump astral-sh/setup-uv from 7.6.0 to 8.0.0 (#3107)
f235373 Fix broken Installation link in README (#3106)
Additional commits viewable in compare view

Bumps the production-dependencies group with 4 updates in the / directory: [charset-normalizer](https://github.com/jawah/charset_normalizer), [build](https://github.com/pypa/build), [python-discovery](https://github.com/tox-dev/python-discovery) and [virtualenv](https://github.com/pypa/virtualenv). Updates `charset-normalizer` from 3.4.6 to 3.4.7 - [Release notes](https://github.com/jawah/charset_normalizer/releases) - [Changelog](https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md) - [Commits](jawah/charset_normalizer@3.4.6...3.4.7) Updates `build` from 1.4.2 to 1.4.3 - [Release notes](https://github.com/pypa/build/releases) - [Changelog](https://github.com/pypa/build/blob/main/CHANGELOG.rst) - [Commits](pypa/build@1.4.2...1.4.3) Updates `python-discovery` from 1.2.1 to 1.2.2 - [Release notes](https://github.com/tox-dev/python-discovery/releases) - [Commits](tox-dev/python-discovery@1.2.1...1.2.2) Updates `virtualenv` from 21.2.0 to 21.2.1 - [Release notes](https://github.com/pypa/virtualenv/releases) - [Changelog](https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst) - [Commits](pypa/virtualenv@21.2.0...21.2.1) --- updated-dependencies: - dependency-name: charset-normalizer dependency-version: 3.4.7 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: build dependency-version: 1.4.3 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: python-discovery dependency-version: 1.2.2 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: virtualenv dependency-version: 21.2.1 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Apr 20, 2026

tomodwyer approved these changes Apr 20, 2026

View reviewed changes

dependabot Bot force-pushed the dependabot/pip/production-dependencies-1fd734232a branch from 5eba37b to 3384756 Compare April 20, 2026 10:43

tomodwyer merged commit d3a6120 into main Apr 20, 2026
1 check passed

tomodwyer deleted the dependabot/pip/production-dependencies-1fd734232a branch April 20, 2026 10:45

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the production-dependencies group across 1 directory with 4 updates#1965

Bump the production-dependencies group across 1 directory with 4 updates#1965
tomodwyer merged 1 commit intomainfrom
dependabot/pip/production-dependencies-1fd734232a

dependabot Bot commented on behalf of github Apr 20, 2026 •

edited

Loading

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot Bot commented on behalf of github Apr 20, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Version 3.4.7

3.4.7 (2026-04-02)

Changed

Fixed

3.4.7 (2026-04-02)

Changed

Fixed

1.4.3

What's Changed

New Contributors

1.2.2

What's Changed

21.2.1

What's Changed

New Contributors

Bugfixes - 21.2.1

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

dependabot Bot commented on behalf of github Apr 20, 2026 •

edited

Loading