Skip to content

ci: Bump the ci group across 1 directory with 5 updates #233

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

ci: Bump the ci group across 1 directory with 5 updates #233

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 17, 2025
edited
Loading

Bumps the ci group with 5 updates in the /.github/workflows directory:

Package From To
nox 2024.10.9 2025.2.9
nox-poetry 1.0.3 1.1.0
pip 24.3.1 25.0.1
poetry 2.0.1 2.1.1
poetry-dynamic-versioning 1.7.0 1.7.1

Updates nox from 2024.10.9 to 2025.2.9

Release notes

Sourced from nox's releases.

2025.02.09 💝

This release improves PEP 723 support, including adding dependencies to the noxfile itself ("plugins"). It adds the long-awaited "requires" option, allowing sessions to require other sessions. And it brings further improvements to the pyproject.toml support, including helpers for dependency-groups and Python version lists.

We'd like to thank the following folks who contributed to this release:

New features:

Bugfixes:

Bugfixes related to uv support:

Tox-to-nox script:

Improved noxfile validation:

... (truncated)

Changelog

Sourced from nox's changelog.

Changelog

2025.02.09

This release improves PEP 723 support, including adding dependencies to the noxfile itself ("plugins"). It adds the long-awaited "requires" option, allowing sessions to require other sessions. And it brings further improvements to the pyproject.toml support, including helpers for dependency-groups and Python version lists.

We'd like to thank the following folks who contributed to this release:

New features:

Bugfixes:

Bugfixes related to uv support:

Tox-to-nox script:

Improved noxfile validation:

... (truncated)

Commits

Updates nox-poetry from 1.0.3 to 1.1.0

Release notes

Sourced from nox-poetry's releases.

v1.1.0

Changes

Features

Documentation

Chores

Commits

Updates pip from 24.3.1 to 25.0.1

Changelog

Sourced from pip's changelog.

25.0.1 (2025-02-09)

Bug Fixes

  • Fix an unsupported type annotation on Python 3.10 and earlier. ([#13181](https://github.com/pypa/pip/issues/13181) <https://github.com/pypa/pip/issues/13181>_)
  • Fix a regression where truststore would never be used while installing build dependencies. ([#13186](https://github.com/pypa/pip/issues/13186) <https://github.com/pypa/pip/issues/13186>_)

25.0 (2025-01-26)

Deprecations and Removals

  • Deprecate the no-python-version-warning flag as it has long done nothing since Python 2 support was removed in pip 21.0. ([#13154](https://github.com/pypa/pip/issues/13154) <https://github.com/pypa/pip/issues/13154>_)

Features

  • Prefer to display :pep:639 License-Expression in pip show if metadata version is at least 2.4. ([#13112](https://github.com/pypa/pip/issues/13112) <https://github.com/pypa/pip/issues/13112>_)
  • Support :pep:639 License-Expression and License-File metadata fields in JSON output. pip inspect and pip install --report now emit license_expression and license_file fields in the metadata object, if the corresponding fields are present in the installed METADATA file. ([#13134](https://github.com/pypa/pip/issues/13134) <https://github.com/pypa/pip/issues/13134>_)
  • Files in the network cache will inherit the read/write permissions of pip's cache directory (in addition to the current user retaining read/write access). This enables a single cache to be shared among multiple users. ([#11012](https://github.com/pypa/pip/issues/11012) <https://github.com/pypa/pip/issues/11012>_)
  • Return the size, along with the number, of files cleared on pip cache purge and pip cache remove ([#12176](https://github.com/pypa/pip/issues/12176) <https://github.com/pypa/pip/issues/12176>_)
  • Cache python-requires checks while filtering potential installation candidates. ([#13128](https://github.com/pypa/pip/issues/13128) <https://github.com/pypa/pip/issues/13128>_)
  • Optimize package collection by avoiding unnecessary URL parsing and other processing. ([#13132](https://github.com/pypa/pip/issues/13132) <https://github.com/pypa/pip/issues/13132>_)

Bug Fixes

  • Reorder the encoding detection when decoding a requirements file, relying on UTF-8 over the locale encoding by default, matching the documented behaviour. ([#12771](https://github.com/pypa/pip/issues/12771) <https://github.com/pypa/pip/issues/12771>_)
  • The pip version self check is disabled on EXTERNALLY-MANAGED environments. ([#11820](https://github.com/pypa/pip/issues/11820) <https://github.com/pypa/pip/issues/11820>_)
  • Fix a security bug allowing a specially crafted wheel to execute code during installation. ([#13079](https://github.com/pypa/pip/issues/13079) <https://github.com/pypa/pip/issues/13079>_)
  • The inclusion of packaging 24.2 changes how pre-release specifiers with < and > behave. Including a pre-release version with these specifiers now implies accepting pre-releases (e.g., <2.0dev can include 1.0rc1). To avoid implying pre-releases, avoid specifying them (e.g., use <2.0). The exception is !=, which never implies pre-releases. ([#13163](https://github.com/pypa/pip/issues/13163) <https://github.com/pypa/pip/issues/13163>_)
  • The --cert and --client-cert command-line options are now respected while installing build dependencies. Consequently, the private _PIP_STANDALONE_CERT environment variable is no longer used. ([#5502](https://github.com/pypa/pip/issues/5502) <https://github.com/pypa/pip/issues/5502>_)

... (truncated)

Commits
  • bc7c88c Bump for release
  • ebd0a52 Don't pass --cert to build subprocesses unless also given on CLI
  • aea8629 Fix locate_file() type hints for older Pythons
  • e612988 Add build-project.py compatibility note
  • 202344e Update the release process docs
  • dc696c2 Patch out EXTERNALLY-MANAGED for self-check tests (#13179)
  • f47b587 Bump for release
  • 74a7f33 Update AUTHORS.txt
  • a008888 Merge pull request #13171 from pypa/dependabot/github_actions/github-actions-...
  • d265fb7 Merge pull request #13174 from ichard26/changelog
  • Additional commits viewable in compare view

Updates poetry from 2.0.1 to 2.1.1

Release notes

Sourced from poetry's releases.

2.1.1

Fixed

  • Fix an issue where poetry env use python does not choose the Python from the PATH (#10187).

poetry-core (2.1.1)

  • Fix an issue where simplifying a python_version marker resulted in an invalid marker (#838).

2.1.0

Added

  • Make build command build-system agnostic (#10059, #10092).
  • Add a --config-settings option to poetry build (#10059).
  • Add support for defining config-settings when building dependencies (#10129).
  • Add (experimental) commands to manage Python installations (#10112).
  • Use findpython to find the Python interpreters (#10097).
  • Add a --no-truncate option to poetry show (#9580).
  • Re-add support for passwords with empty usernames (#10088).
  • Add better error messages (#10053, #10065, #10126, #10127, #10132).

Changed

  • poetry new defaults to "src" layout by default (#10135).
  • Improve performance of locking dependencies (#10111, #10114, #10138, #10146).
  • Deprecate adding sources without specifying --priority (#10134).

Fixed

  • Fix an issue where global options were not handled correctly when positioned after command options (#10021, #10067, #10128).
  • Fix an issue where building a dependency from source failed because of a conflict between build-system dependencies that were not required for the target environment (#10048).
  • Fix an issue where poetry init was not able to find a package on PyPI while adding dependencies interactively (#10055).
  • Fix an issue where the @latest descriptor was incorrectly passed to the core requirement parser (#10069).
  • Fix an issue where Boolean environment variables set to True (in contrast to true) were interpreted as false (#10080).
  • Fix an issue where poetry env activate reported a misleading error message (#10087).
  • Fix an issue where adding an optional dependency with poetry add --optional would not correctly update the lock file (#10076).
  • Fix an issue where pip was not installed/updated before other dependencies resulting in a race condition (#10102).
  • Fix an issue where Poetry freezes when multiple threads attempt to unlock the keyring simultaneously (#10062).
  • Fix an issue where markers with extras were not locked correctly (#10119).
  • Fix an issue where self-referential extras were not resolved correctly (#10106).
  • Fix an issue where Poetry could not be run from a zipapp (#10074).
  • Fix an issue where installation failed with a permission error when using the system environment as a user without write access to system site packages (#9014).
  • Fix an issue where a version of a dependency that is not compatible with the project's python constraint was locked. (#10141).
  • Fix an issue where Poetry wrongly reported that the current project's supported Python range is not compatible with some of the required packages Python requirement (#10157).
  • Fix an issue where the requested extras of a dependency were ignored if the same dependency (with same extras) was specified in multiple groups (#10158).

Docs

  • Sort commands by name in the CLI reference (#10035).
  • Add missing documentation for env commands (#10027).

... (truncated)

Changelog

Sourced from poetry's changelog.

[2.1.1] - 2025-02-16

Fixed

  • Fix an issue where poetry env use python does not choose the Python from the PATH (#10187).

poetry-core (2.1.1)

  • Fix an issue where simplifying a python_version marker resulted in an invalid marker (#838).

[2.1.0] - 2025-02-15

Added

  • Make build command build-system agnostic (#10059, #10092).
  • Add a --config-settings option to poetry build (#10059).
  • Add support for defining config-settings when building dependencies (#10129).
  • Add (experimental) commands to manage Python installations (#10112).
  • Use findpython to find the Python interpreters (#10097).
  • Add a --no-truncate option to poetry show (#9580).
  • Re-add support for passwords with empty usernames (#10088).
  • Add better error messages (#10053, #10065, #10126, #10127, #10132).

Changed

  • poetry new defaults to "src" layout by default (#10135).
  • Improve performance of locking dependencies (#10111, #10114, #10138, #10146).
  • Deprecate adding sources without specifying --priority (#10134).

Fixed

  • Fix an issue where global options were not handled correctly when positioned after command options (#10021, #10067, #10128).
  • Fix an issue where building a dependency from source failed because of a conflict between build-system dependencies that were not required for the target environment (#10048).
  • Fix an issue where poetry init was not able to find a package on PyPI while adding dependencies interactively (#10055).
  • Fix an issue where the @latest descriptor was incorrectly passed to the core requirement parser (#10069).
  • Fix an issue where Boolean environment variables set to True (in contrast to true) were interpreted as false (#10080).
  • Fix an issue where poetry env activate reported a misleading error message (#10087).
  • Fix an issue where adding an optional dependency with poetry add --optional would not correctly update the lock file (#10076).
  • Fix an issue where pip was not installed/updated before other dependencies resulting in a race condition (#10102).

... (truncated)

Commits

Updates poetry-dynamic-versioning from 1.7.0 to 1.7.1

Release notes

Sourced from poetry-dynamic-versioning's releases.

v1.7.1 (2025-01-22)

  • Fixed:
    • There was an intermittent ValueError in PEP 621 mode, related to trying to remove "version" from project.dynamic when it had already been removed.
Changelog

Sourced from poetry-dynamic-versioning's changelog.

v1.7.1 (2025-01-22)

  • Fixed:
    • There was an intermittent ValueError in PEP 621 mode, related to trying to remove "version" from project.dynamic when it had already been removed.
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
ci: Bump the ci group across 1 directory with 5 updates
283b87b 
Bumps the ci group with 5 updates in the /.github/workflows directory:

| Package | From | To |
| --- | --- | --- |
| [nox](https://github.com/wntrblm/nox) | `2024.10.9` | `2025.2.9` |
| [nox-poetry](https://github.com/cjolowicz/nox-poetry) | `1.0.3` | `1.1.0` |
| [pip](https://github.com/pypa/pip) | `24.3.1` | `25.0.1` |
| [poetry](https://github.com/python-poetry/poetry) | `2.0.1` | `2.1.1` |
| [poetry-dynamic-versioning](https://github.com/mtkennerly/poetry-dynamic-versioning) | `1.7.0` | `1.7.1` |



Updates `nox` from 2024.10.9 to 2025.2.9
- [Release notes](https://github.com/wntrblm/nox/releases)
- [Changelog](https://github.com/wntrblm/nox/blob/main/CHANGELOG.md)
- [Commits](wntrblm/nox@2024.10.09...2025.02.09)

Updates `nox-poetry` from 1.0.3 to 1.1.0
- [Release notes](https://github.com/cjolowicz/nox-poetry/releases)
- [Commits](cjolowicz/nox-poetry@v1.0.3...v1.1.0)

Updates `pip` from 24.3.1 to 25.0.1
- [Changelog](https://github.com/pypa/pip/blob/main/NEWS.rst)
- [Commits](pypa/pip@24.3.1...25.0.1)

Updates `poetry` from 2.0.1 to 2.1.1
- [Release notes](https://github.com/python-poetry/poetry/releases)
- [Changelog](https://github.com/python-poetry/poetry/blob/main/CHANGELOG.md)
- [Commits](python-poetry/poetry@2.0.1...2.1.1)

Updates `poetry-dynamic-versioning` from 1.7.0 to 1.7.1
- [Release notes](https://github.com/mtkennerly/poetry-dynamic-versioning/releases)
- [Changelog](https://github.com/mtkennerly/poetry-dynamic-versioning/blob/master/CHANGELOG.md)
- [Commits](mtkennerly/poetry-dynamic-versioning@v1.7.0...v1.7.1)

---
updated-dependencies:
- dependency-name: nox
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: ci
- dependency-name: nox-poetry
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ci
- dependency-name: pip
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: ci
- dependency-name: poetry
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ci
- dependency-name: poetry-dynamic-versioning
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: ci
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Feb 17, 2025
@dependabot dependabot bot requested a review from edgarrmondragon February 17, 2025 00:51
@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Feb 26, 2025

Superseded by #234.

@dependabot dependabot bot closed this Feb 26, 2025
@dependabot dependabot bot deleted the dependabot/pip/dot-github/workflows/ci-13f51c22c2 branch February 26, 2025 00:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@edgarrmondragon edgarrmondragon Awaiting requested review from edgarrmondragon

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file python Pull requests that update Python code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants