Bump the python-root group across 1 directory with 6 updates

[dependabot]

Updates the requirements on isort, build, wheel, setuptools, protobuf and setuptools-scm to permit the latest version.
Updates isort from 7.0.0 to 8.0.1

Release notes

Sourced from isort's releases.

8.0.0

Changes

• Update CHANGELOG for version 8.0.0 (#2460) @​DanielNoord
• Fix edge case of __future__ import. (#2458) @​skv0zsneg
• Fix the Plone profile to be compatible with black (#2457) @​ale-rt
• typo fix (#2450) @​jsta
• Remove the setuptools plugin (#2427) @​DanielNoord
• Turn some warnings into errors in test suite (#2449) @​DanielNoord
• chore: replace black with ruff in clean.sh (#2448) @​joao-faria-dev
• feat!: remove old finders flag and legacy finder logic (#2446) @​joao-faria-dev
• Fix whitespace insensitive check triggering on tabs (#2437) @​robsdedude
• Fix line separator detection not considering form feed as white space (#2436) @​robsdedude
• Fix #1964: lines_before_import sometimes ignored (#1965) @​robsdedude
• Remove reference to 3.9 in README (#2434) @​DanielNoord

🚀 Features

• Ensure multiprocessing.Pool is always closed and joined (#2442) @​DanielNoord

👷 Continuous Integration

• Simplify CI by putting similar steps into a single action file (#2444) @​DanielNoord

📦 Dependencies

• Bump actions/checkout from 5 to 6 in the github-actions group (#2451) @dependabot[bot]
• Bump astral-sh/setup-uv from 6 to 7 in the github-actions group (#2441) @dependabot[bot]

Changelog

Sourced from isort's changelog.

Changelog

NOTE: isort follows the semver versioning standard. Find out more about isort's release policy here.

Releases

Unreleased

8.0.0 February 19 2026

• Removed --old-finders and --magic-placement flags and old_finders configuration option. The legacy finder logic that relied on environment introspection has been removed (#2445) @​joao-faria-dev
• Update the plone profile to not clash with black (#2456) @​ale-rt

6.1.0 October 1 2025

• Add python 3.14 classifier and badge (#2409) @​staticdev
• Drop use of non-standard pkg_resources API (#2405) @​dvarrazzo

6.0.1 Febuary 26 2025

• Add OSError handling in find_imports_in_file (#2331) @​kobarity

6.0.0 January 27 2025

• Remove support for Python 3.8 (#2327) @​DanielNoord
• Python 3.13 support (#2306) @​mayty
• Speed up exists_case_sensitive calls (#2264) @​correctmost
• Ensure that split_on_trailing_comma works with as imports (#2340) @​DanielNoord
• Black profile: enable magic comma (#2236) @​MrMino
• Update line_length and single_line_exclusions in google profile (#2149) @​jagapiou
• Allow --diff to be used with --jobs (#2302) @​mnakama
• Fix wemake profile to have correct character limit (#2241) @​sobolevn
• Fix sort_reexports code mangling (#2283) @​Helveg
• Fix correct group by package tokenization (#2136) @​glasnt

5.13.2 December 13 2023

• Apply the bracket fix from issue #471 only for use_parentheses=True (#2184) @​bp72
• Confine pre-commit to stages (#2213) @​davidculley
• Fixed colors extras (#2212) @​staticdev

5.13.1 December 11 2023

• Fixed integration tests (#2208) @​bp72
• Fixed normalizing imports from more than one level of parent modules (issue/2152) (#2191) @​bp72
• Remove optional dependencies without extras (#2207) @​staticdev

5.13.0 December 9 2023

... (truncated)

Commits

• a333737 Merge pull request #2463 from FinlayTheBerry/issue/2461
• 878ba7e Added compression to stdlibs for Python 3.14 in isort/stdlibs/py314.py
• b5f06a7 Merge pull request #2459 from Fridayai700/fix-unindented-comment-corruption
• 3459bde Merge pull request #2460 from PyCQA/DanielNoord-patch-1
• 6e70bb6 Update CHANGELOG for version 8.0.0
• fd2514b Fix unindented comments being corrupted in indented blocks
• b0f2dab Merge pull request #2458 from skv0zsneg/issue/1882
• 313797b Fix lint.
• 7d3a6f5 Add ignore for cyclomatic complexity check.
• 6b9f895 Remove debug prints.
• Additional commits viewable in compare view

Updates build from 1.4.0 to 1.4.4

Release notes

Sourced from build's releases.

1.4.4

What's Changed

• 🐛 fix(release): generate consistent CHANGELOG heading levels by @​gaborbernat in pypa/build#1032
• docs: move source links by @​henryiii in pypa/build#1034
• revert: drop PEP 660 change by @​henryiii in pypa/build#1039
• fix: ignore installed when running pip by @​henryiii in pypa/build#1040
• fix: revert part of #973 by @​henryiii in pypa/build#1044
• chore: report coverage failure lines by @​henryiii in pypa/build#1046
• tests: fix issue with uv run by @​henryiii in pypa/build#1048
• docs: reorganize testing docs for copy/paste by @​abitrolly in pypa/build#1043
• tests: keep environment from leaking in Python 3.15 by @​henryiii in pypa/build#1049
• docs: fix issue with changelog generation by @​henryiii in pypa/build#1050

Full Changelog: pypa/build@1.4.3...1.4.4

1.4.3

What's Changed

• 🐛 fix(api): resolve thread-safety races in build API by @​gaborbernat in pypa/build#1015
• 🐛 fix(builder): validate backend-path entries exist on disk by @​gaborbernat in pypa/build#1016
• test: cover config settings build paths by @​terminalchai in pypa/build#992
• Add kind=(step, ) for root messages with * by @​abitrolly in pypa/build#973
• fix: correct changelog category ordering by @​gaborbernat in pypa/build#1017
• 🐛 fix(cli): show full dependency chain in missing deps error by @​gaborbernat in pypa/build#1019
• tests: fully annotate by @​henryiii in pypa/build#1020
• chore: lazy imports by @​henryiii in pypa/build#1021
• chore: adding more ruff codes by @​henryiii in pypa/build#1022
• tests: improve annotations by @​henryiii in pypa/build#1023
• 🧪 test(coverage): achieve 100% test coverage by @​gaborbernat in pypa/build#1018
• chore: add ruff PT by @​henryiii in pypa/build#1025
• chore: add ruff PYI by @​henryiii in pypa/build#1026
• chore: add ruff SIM/RET by @​henryiii in pypa/build#1028
• 🐛 fix(env): strip PYTHONPATH from isolated builds by @​gaborbernat in pypa/build#1024
• chore: use ruff ALL by @​henryiii in pypa/build#1029
• 🐛 fix(env): prevent pip credential hang with private indexes by @​gaborbernat in pypa/build#1030
• 🐛 fix(check_dependency): verify URL reqs via PEP 610 by @​gaborbernat in pypa/build#1027

New Contributors

• @​terminalchai made their first contribution in pypa/build#992

Full Changelog: pypa/build@1.4.2...1.4.3

1.4.2

What's Changed

... (truncated)

Changelog

Sourced from build's changelog.

#################### 1.4.4 (2026-04-22) ####################

---

Bugfixes

---

• Fix release pipeline generating CHANGELOG.rst entries with inconsistent heading levels, which broke sphinx -W and pinned Read the Docs stable at 1.4.0 - by :user:gaborbernat. (:issue:1031)
• Revert :pr:1039 from build 1.4.3, no longer check direct_url (for now) - by :user:henryiii (:issue:1039)
• Add --ignore-installed to pip install command to prevent issues with packages already present in the isolated build environment - by :user:henryiii (:issue:1037) (:issue:1040)
• Partial revert of :pr:973, keeping log messages in one entry, multiple lines. (:issue:1044)

---

Miscellaneous

---

• :issue:1048, :issue:1049

#################### 1.4.3 (2026-04-10) ####################

---

Features

---

• Add kind parameter to log messages to separate semantic and representation - by :user:abitrolly (:issue:973)

---

Bugfixes

---

• Strip PYTHONPATH from the environment during isolated builds to prevent host packages from leaking into the build
  • by :user:gaborbernat (:issue:405)
• Pass --no-input to pip to prevent hidden credential prompts that cause hangs, and automatically set PIP_KEYRING_PROVIDER=subprocess (or UV_KEYRING_PROVIDER=subprocess for the uv installer) when the keyring CLI is on PATH -- by :user:gaborbernat (:issue:409)
• check_dependency now reports URL requirements as unmet instead of silently accepting them when a package with the same name is installed - by :user:gaborbernat (:issue:860)
• Fix misleading missing dependency error display where transitive dependency chains showed the top-level package on a separate line, making it appear as if the top-level package itself was missing - by :user:gaborbernat (:issue:875)
• Fix towncrier template to generate changelog categories in definition order - by :user:gaborbernat (:issue:1007)
• Resolve thread-safety races in the build API - by :user:gaborbernat (:issue:1015)
• Validate backend-path entries exist on disk with a clear error - by :user:gaborbernat (:issue:1016)

---

Miscellaneous

... (truncated)

Commits

• 70666a2 chore: prepare for 1.4.4
• 653d865 docs: fix issue with changelog generation (#1050)
• 373b9ee tests: keep environment from leaking in Python 3.15 (#1049)
• e37e2ae docs: reorganize testing docs for copy/paste (#1043)
• e9c194a tests: fix issue with uv run (#1048)
• 03b7d70 chore: report coverage failure lines (#1046)
• 2afa3b5 fix: revert part of #973 (#1044)
• b336f60 pre-commit: bump repositories (#1045)
• 6d8039a fix: ignore installed when running pip (#1040)
• ebf6eba revert: drop PEP 660 change (#1039)
• Additional commits viewable in compare view

Updates wheel from 0.46.3 to 0.47.0

Release notes

Sourced from wheel's releases.

0.47.0

• Added the wheel info subcommand to display metadata about wheel files without unpacking them (#639)
• Fixed WheelFile raising Missing RECORD file when the wheel filename contains uppercase characters (e.g. Django-3.2.5.whl) but the .dist-info directory inside uses normalized lowercase naming (#411)

Changelog

Sourced from wheel's changelog.

Release Notes

0.47.0 (2026-04-22)

• Added the wheel info subcommand to display metadata about wheel files without unpacking them ([#639](https://github.com/pypa/wheel/issues/639) <https://github.com/pypa/wheel/issues/639>_)
• Fixed WheelFile raising Missing RECORD file when the wheel filename contains uppercase characters (e.g. Django-3.2.5.whl) but the .dist-info directory inside uses normalized lowercase naming ([#411](https://github.com/pypa/wheel/issues/411) <https://github.com/pypa/wheel/issues/411>_)

0.46.3 (2026-01-22)

• Fixed ImportError: cannot import name '_setuptools_logging' from 'wheel' when installed alongside an old version of setuptools and running the bdist_wheel command ([#676](https://github.com/pypa/wheel/issues/676) <https://github.com/pypa/wheel/issues/676>_)

0.46.2 (2026-01-22)

• Restored the bdist_wheel command for compatibility with setuptools older than v70.1
• Importing wheel.bdist_wheel now emits a FutureWarning instead of a DeprecationWarning
• Fixed wheel unpack potentially altering the permissions of files outside of the destination tree with maliciously crafted wheels (CVE-2026-24049)

0.46.1 (2025-04-08)

• Temporarily restored the wheel.macosx_libfile module ([#659](https://github.com/pypa/wheel/issues/659) <https://github.com/pypa/wheel/issues/659>_)

0.46.0 (2025-04-03)

• Dropped support for Python 3.8
• Removed the bdist_wheel setuptools command implementation and entry point. The wheel.bdist_wheel module is now just an alias to setuptools.command.bdist_wheel, emitting a deprecation warning on import.
• Removed vendored packaging in favor of a run-time dependency on it
• Made the wheel.metadata module private (with a deprecation warning if it's imported
• Made the wheel.cli package private (no deprecation warning)
• Fixed an exception when calling the convert command with an empty description field

0.45.1 (2024-11-23)

• Fixed pure Python wheels converted from eggs and wininst files having the ABI tag in the file name

... (truncated)

Commits

• efd83a7 Created a new release
• bb69216 Reordered the changelog entries
• d5a1763 fix(wheelfile): resolve .dist-info path case-insensitively when reading wheel...
• 5718957 [pre-commit.ci] pre-commit autoupdate (#685)
• 6258068 chore: log_level is better than log_cli_level (#684)
• 2975deb Require tox >= 4.22
• 47674ba chore: add check-sdist to checks (#681)
• 56223f6 __package__ → __spec__.parent (#679)
• 0ce509e Added the wheel info subcommand (#669)
• 39039c0 Improved the index page
• Additional commits viewable in compare view

Updates setuptools from 80.10.2 to 82.0.1

Changelog

Sourced from setuptools's changelog.

v82.0.1

Bugfixes

• Fix the loading of launcher manifest.xml file. (#5047)
• Replaced deprecated json.__version__ with fixture in tests. (#5186)

Improved Documentation

• Add advice about how to improve predictability when installing sdists. (#5168)

Misc

• #4941, #5157, #5169, #5175

v82.0.0

Deprecations and Removals

• pkg_resources has been removed from Setuptools. Most common uses of pkg_resources have been superseded by the importlib.resources <https://docs.python.org/3/library/importlib.resources.html>_ and importlib.metadata <https://docs.python.org/3/library/importlib.metadata.html>_ projects. Projects and environments relying on pkg_resources for namespace packages or other behavior should depend on older versions of setuptools. (#3085)

v81.0.0

Deprecations and Removals

• Removed support for the --dry-run parameter to setup.py. This one feature by its nature threads through lots of core and ancillary functionality, adding complexity and friction. Removal of this parameter will help decouple the compiler functionality from distutils and thus the eventual full integration of distutils. These changes do affect some class and function signatures, so any derivative functionality may require some compatibility shims to support their expected interface. Please report any issues to the Setuptools project for investigation. (#4872)

Commits

• 5a13876 Bump version: 82.0.0 → 82.0.1
• 51ab8f1 Avoid using (deprecated) 'json.version' in tests (#5194)
• f9c37b2 Docs/CI: Fix intersphinx references (#5195)
• 8173db2 Docs: Fix intersphinx references
• 09bafbc Fix past tense on newsfragment
• 461ea56 Add news fragment
• c4ffe53 Avoid using (deprecated) 'json.version' in tests
• 749258b Cleanup pkg_resources dependencies and configuration (#5175)
• 2019c16 Parse ext-module.define-macros from pyproject.toml as list of tuples (#5169)
• b809c86 Sync setuptools schema with validate-pyproject (#5157)
• Additional commits viewable in compare view

Updates protobuf from 6.33.4 to 7.34.1

Release notes

Sourced from protobuf's releases.

Protocol Buffers v34.0-rc1

Announcements

• This version includes breaking changes to: C++, Objective-C, PHP, Python.
• [Bazel] Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (protocolbuffers/protobuf@0a5c2f6)
• [C++] Make generator headers private (protocolbuffers/protobuf@3a2af35)
• [C++] Add a debug check that the target of CopyFrom is not a descendant of the source. (protocolbuffers/protobuf@7a75898)
• [C++] Add [[nodiscard]] to many APIs. (protocolbuffers/protobuf@a70115f)
• [C++] Make the arena-enabled constructors of RepeatedField, RepeatedPtrField, and Map private. (protocolbuffers/protobuf@ef890c3)
• [C++] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (protocolbuffers/protobuf@b76faa9)
• [C++] Removes proto2::util::MessageDifferencer::AddIgnoreCriteria that takes a raw pointer as an argument in favor of the overload that takes a unique_ptr. Remove macro PROTOBUF_FUTURE_REMOVE_ADD_IGNORE_CRITERIA (protocolbuffers/protobuf@b115358)
• [C++] Remove deprecated FieldDescriptor::has_optional_keyword() in OSS. Use is_repeated() or has_presence() instead (protocolbuffers/protobuf@68346ec)
• [C++] Remove AddUnusedImportTrackFile() and ClearUnusedImportTrackFiles(). Remove PROTOBUF_FUTURE_RENAME_ADD_UNUSED_IMPORT (protocolbuffers/protobuf@837a2cd)
• [C++] Remove deprecated FieldDescriptor::is_optional() in OSS. Use (!is_required() && !is_repeated()) instead (protocolbuffers/protobuf@9dbc5d4)
• [C++] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (protocolbuffers/protobuf@c301c2c)
• [C++] All entity names have length limit (2afb0dc)
• [ObjC] Remove generate_minimal_imports generation option warning (protocolbuffers/protobuf@45b1297)
• [ObjC] Fix nullability annotations on some GPB*Dictionary types. (protocolbuffers/protobuf@ea67d6d)
• [ObjC] Remove -[GPBFieldDescriptor optional] (protocolbuffers/protobuf@3414dc1)
• [Other] Remove deprecated flag for enabling MSVC support (protocolbuffers/protobuf@97c979b)
• [PHP] Remove deprecated PHP APIs (protocolbuffers/protobuf@9c45014)
• [PHP] Remove deprecated PHP APIs FieldDescriptor getLabel, use IsRepeated or isRequired instead. (protocolbuffers/protobuf@4208121, protocolbuffers/protobuf@cd76e67, protocolbuffers/protobuf@4208121)
• [PHP] Add PHP typehints for setters and remove redundant GPBUtil checks (protocolbuffers/protobuf#25296) (protocolbuffers/protobuf@aee03b7)
• [PHP] support default values for editions/proto2 (protocolbuffers/protobuf#25161) (protocolbuffers/protobuf@b01099d)
• [Python] Raise errors in OSS when assign bool to int/enum field in Python Proto. (protocolbuffers/protobuf@5b116fe)
• [Python] Remove float_format/double_format from python proto text_format (protocolbuffers/protobuf@e4854a1)
• [Python] Raise TypeError when convert non-timedelta to Duration, or convert non-datetime to Timestamp in python proto. (Original code may raise ArributeError) (protocolbuffers/protobuf@00aaca1)
• [Python] Remove float_precision from python proto json_format (protocolbuffers/protobuf@f027f1f)
• [Python] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (protocolbuffers/protobuf@b76faa9)
• [Python] Remove deprecated FieldDescriptor.label (protocolbuffers/protobuf@0a8ff55)
• [Python] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (protocolbuffers/protobuf@c301c2c)
• Protobuf News may include additional announcements or pre-announcements for upcoming changes.
• Migration Guide may include additional guidance for breaking changes.

Bazel

• Fix: cc_toolchain should prefer protoc when prebuilt flag is flipped. (#25168) (protocolbuffers/protobuf@8c857c3)
• Breaking change: Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (protocolbuffers/protobuf@0a5c2f6)
• Feat(bazel): wire up prebuilt protoc toolchain (#24115) (protocolbuffers/protobuf@cc23698)
• Migrate proto_descriptor_set (#23369) (protocolbuffers/protobuf@8d4dfdd)

Compiler

• Ruby codegen: support generation of rbs files (#15633) (protocolbuffers/protobuf@6ebdf85)
• Avoid collision name problems between a message named Xyz and a direct sibling enum named XyzView (protocolbuffers/protobuf@eba53e8)
• Generalizing and implementing ValidateFeatureSupport for both Options and Features during proto parsing (protocolbuffers/protobuf@ed3c571)
• Fix a bug with custom features outside of the pb package. (protocolbuffers/protobuf@872d3ce)
• Fix import option handling when include_imports isn't set. (protocolbuffers/protobuf@9ef9e80)
• Fix a bug in STRICT check of namespaced enums to properly check for 'reserved 1 to max' (protocolbuffers/protobuf@1229d4a)
• Prevent accidental stripping of debug_redact options via import option. (protocolbuffers/protobuf@f58b098)

C++

• Add EnumerateEnumValues function. (protocolbuffers/protobuf@397d5d9)

... (truncated)

Commits

• See full diff in compare view

Updates setuptools-scm to 10.0.5

Release notes

Sourced from setuptools-scm's releases.

setuptools-scm v10.0.5

Fixed

• Allow dump_version() deprecation warning to be silenced by passing scm_version=None. (#1286)
• Remove [tool.uv.sources] from setuptools-scm/pyproject.toml to fix sdist builds outside the workspace — the workspace root already declares the source mapping for development. (#1330)

Commits

• e2ba34f Merge pull request #1328 from pypa/release/main
• d34d072 Prepare release: setuptools-scm v10.0.5
• 7c62809 Merge pull request #1332 from RonnyPfannschmidt/fix/1330-remove-workspace-sou...
• f600a29 fix: remove workspace source override from setuptools-scm member (fixes #1330)
• f76244e Merge pull request #1327 from RonnyPfannschmidt/update-classifiers-python-3.14
• 8c23c5b Merge pull request #1286 from effigies/scm_version_sentinel
• 629842a build: update trove classifiers and add Python 3.14 support
• 6a1fc3b Merge pull request #1318 from pypa/release/main
• a63b13a Prepare release: setuptools-scm v10.0.4, vcs-versioning v1.1.0
• 59275f7 Merge pull request #1325 from RonnyPfannschmidt/issue-1302-setuptools-build-b...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions