Skip to content

Bump the "dependencies" group with 1 update across multiple ecosystems#80

Merged
kattni merged 1 commit into
mainfrom
dependabot/dependencies-bc2cbe0066
Jul 6, 2026
Merged

Bump the "dependencies" group with 1 update across multiple ecosystems#80
kattni merged 1 commit into
mainfrom
dependabot/dependencies-bc2cbe0066

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 5, 2026

Copy link
Copy Markdown
Contributor

Bumps the dependencies group with 2 updates: setuptools and setuptools-scm.

Updates setuptools from 82.0.1 to 83.0.0

Changelog

Sourced from setuptools's changelog.

v83.0.0

Features

  • Require Python 3.10 or later.

Bugfixes

  • MANIFEST.in matching (via FileList) is now insensitive to Unicode normalization form. A pattern authored in one form (e.g. NFC, as typically saved by editors) now matches a file whose name is stored on disk in another (e.g. NFD, as produced by macOS APFS/HFS+). Previously an exclude, global-exclude, recursive-exclude, or prune rule could silently fail to drop a non-ASCII-named file from the source distribution, publishing it despite the exclusion -- see GHSA-h35f-9h28-mq5c.

Deprecations and Removals

  • pypa/distutils#334
Commits
  • 6519f72 Bump version: 82.0.1 → 83.0.0
  • d1151b1 Merge pull request #5250 from pypa/feature/distutils-d7633fbed
  • a2df31e Capture removal of dry_run parameter in changelog.
  • 00144dc Moved newsfragment to the release where it occurred.
  • a4a5a2b Add news fragment.
  • 77470c2 Merge https://github.com/pypa/distutils into feature/distutils-d7633fbed
  • 3c43897 Merge pull request #5247 from pypa/copilot/fix-pypy-version-issue
  • bb6ea66 Bump PyPy from 3.10 to 3.11 in CI workflow
  • a2bc3ac Fix broken intersphinx reference to build's installation docs
  • 2d6a739 Use stacked parametrize decorators instead of itertools.product
  • Additional commits viewable in compare view

Updates setuptools-scm from 10.0.5 to 10.2.0

Release notes

Sourced from setuptools-scm's releases.

setuptools-scm v10.2.0

Added

  • Restore Python 3.8 and 3.9 support, re-enabling use as a build dependency for projects like scikit-build that still support these versions. (#1445)

Miscellaneous

  • Move PKG-INFO discovery tests from vcs-versioning to setuptools-scm where the entry points are registered. (#1446)

setuptools-scm v10.1.2

Fixed

  • Fix DeprecationWarning leak by threading VcsEnvironment through VersionInferenceConfig and using env.make_reader() in _should_write_to_source. (#1424)

setuptools-scm v10.1.1

Fixed

  • Update CI to use PyPy 3.11 as cryptography has no PyPy 3.10 build available (#1421)

setuptools-scm v10.1.0

Added

  • Add backward-compatible shims in setuptools_scm.git, setuptools_scm.hg, setuptools_scm.hg_git, and setuptools_scm.scm_workdir so that external code calling get_scm_version(config) or run_describe(config) with an explicit Configuration continues to work. The shim automatically wires _config and VcsEnvironment onto the workdir. (#compat-shims)
  • Write scm_version.json and scm_file_list.json into egg-info directories during egg_info, enabling sdist fallback version inference when no VCS is present. Add ScmEggInfoMixin for workdir-based file finding in find_sources(). (#egg-info-metadata)
  • Add write_to_source pyproject.toml option to control whether version files are written to the source tree. When unset, a deprecation warning advises setting it explicitly before the default changes in a future major release. The SETUPTOOLS_SCM_WRITE_TO_SOURCE environment variable overrides this setting. (#1301)
  • Adopt the workdir-centric pipeline from vcs-versioning: version discovery now follows an explicit env → config → workdir → version chain instead of relying on ambient globals and parse entry points. The egg_info command writes scm_version.json and scm_file_list.json metadata so sdists can infer versions without a VCS checkout. Requires vcs-versioning >= 2.0.0.dev0. (#1378)

Fixed

  • Fix worktree file listing test to expect relative paths from the file finder. The test now passes on Linux; Windows remains xfail due to a subprocess limitation with worktree directories. (#620)
  • Remove the _warn_on_old_setuptools() check that incorrectly warned when a custom build-backend caused setuptools.__version__ to return the project version instead of setuptools' version. The minimum setuptools version is now enforced via build-system requirements. (#1192)
  • Wrap version in setuptools.sic() when normalize = false to prevent setuptools from re-normalizing the version after our hook returns. This preserves CalVer zero-padding (e.g. 2024.01.05) and other non-canonical version strings in dist.metadata.version. (#1354)
  • Skip writing non-package version files to build_lib, fixing incorrect inclusion of root-level version files in wheels. (#1364)

Documentation

  • Rewrite the GitHub Actions CI/CD example to use a dedicated build job (via build-and-inspect-python-package) and OIDC Trusted Publishers instead of building in publishing jobs with long-lived API tokens. (#1215)
Commits
  • a705891 Merge pull request #1448 from pypa/release/main
  • 630448e Prepare release: setuptools-scm v10.2.0, vcs-versioning v2.2.0
  • aaf4950 Merge pull request #1445 from RonnyPfannschmidt/python-legacy
  • dd60bf9 Merge pull request #1447 from RonnyPfannschmidt/fix/1446-move-pkginfo-tests
  • 535f5ff fix: move PKG-INFO discovery tests to setuptools-scm (#1446)
  • 3546a0e feat: restore Python 3.8 and 3.9 support
  • 0cde123 Merge pull request #1443 from pypa/release/main
  • 51bc391 Prepare release: vcs-versioning v2.1.2
  • 310f3c3 Merge pull request #1442 from RonnyPfannschmidt/fix/1439-metadata-workdir-cus...
  • b7b70a8 fix: don't re-parse stored tags through tag_regex in MetadataWorkdir (#1439)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the dependencies group with 2 updates: [setuptools](https://github.com/pypa/setuptools) and [setuptools-scm](https://github.com/pypa/setuptools-scm).


Updates `setuptools` from 82.0.1 to 83.0.0
- [Release notes](https://github.com/pypa/setuptools/releases)
- [Changelog](https://github.com/pypa/setuptools/blob/main/NEWS.rst)
- [Commits](pypa/setuptools@v82.0.1...v83.0.0)

Updates `setuptools-scm` from 10.0.5 to 10.2.0
- [Release notes](https://github.com/pypa/setuptools-scm/releases)
- [Changelog](https://github.com/pypa/setuptools-scm/blob/main/RELEASE_SYSTEM.md)
- [Commits](pypa/setuptools-scm@setuptools-scm-v10.0.5...setuptools-scm-v10.2.0)

---
updated-dependencies:
- dependency-name: setuptools
  dependency-version: 83.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: setuptools-scm
  dependency-version: 10.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Jul 5, 2026
@kattni
kattni merged commit d277964 into main Jul 6, 2026
1 check passed
@kattni
kattni deleted the dependabot/dependencies-bc2cbe0066 branch July 6, 2026 02:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant