Skip to content

deps(deps): bump the pip group with 3 updates #544

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
github-actions merged 1 commit into from
Jan 1, 2026
Merged

deps(deps): bump the pip group with 3 updates #544

github-actions merged 1 commit into from
Jan 1, 2026

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 1, 2026

Bumps the pip group with 3 updates: ruff, mypy and caldav.

Updates ruff from 0.14.7 to 0.14.10

Release notes

Sourced from ruff's releases.

0.14.10

Release Notes

Released on 2025-12-18.

Preview features

  • [formatter] Fluent formatting of method chains (#21369)
  • [formatter] Keep lambda parameters on one line and parenthesize the body if it expands (#21385)
  • [flake8-implicit-str-concat] New rule to prevent implicit string concatenation in collections (ISC004) (#21972)
  • [flake8-use-pathlib] Make fixes unsafe when types change in compound statements (PTH104, PTH105, PTH109, PTH115) (#22009)
  • [refurb] Extend support for Path.open (FURB101, FURB103) (#21080)

Bug fixes

  • [pyupgrade] Fix parsing named Unicode escape sequences (UP032) (#21901)

Rule changes

  • [eradicate] Ignore ruff:disable and ruff:enable comments in ERA001 (#22038)
  • [flake8-pytest-style] Allow match and check keyword arguments without an expected exception type (PT010) (#21964)
  • [syntax-errors] Annotated name cannot be global (#20868)

Documentation

  • Add uv and ty to the Ruff README (#21996)
  • Document known lambda formatting deviations from Black (#21954)
  • Update setup.md (#22024)
  • [flake8-bandit] Fix broken link (S704) (#22039)

Other changes

  • Fix playground Share button showing "Copied!" before clipboard copy completes (#21942)

Contributors

... (truncated)

Changelog

Sourced from ruff's changelog.

0.14.10

Released on 2025-12-18.

Preview features

  • [formatter] Fluent formatting of method chains (#21369)
  • [formatter] Keep lambda parameters on one line and parenthesize the body if it expands (#21385)
  • [flake8-implicit-str-concat] New rule to prevent implicit string concatenation in collections (ISC004) (#21972)
  • [flake8-use-pathlib] Make fixes unsafe when types change in compound statements (PTH104, PTH105, PTH109, PTH115) (#22009)
  • [refurb] Extend support for Path.open (FURB101, FURB103) (#21080)

Bug fixes

  • [pyupgrade] Fix parsing named Unicode escape sequences (UP032) (#21901)

Rule changes

  • [eradicate] Ignore ruff:disable and ruff:enable comments in ERA001 (#22038)
  • [flake8-pytest-style] Allow match and check keyword arguments without an expected exception type (PT010) (#21964)
  • [syntax-errors] Annotated name cannot be global (#20868)

Documentation

  • Add uv and ty to the Ruff README (#21996)
  • Document known lambda formatting deviations from Black (#21954)
  • Update setup.md (#22024)
  • [flake8-bandit] Fix broken link (S704) (#22039)

Other changes

  • Fix playground Share button showing "Copied!" before clipboard copy completes (#21942)

Contributors

0.14.9

... (truncated)

Commits
  • 45bbb4c Bump 0.14.10 (#22058)
  • 42b9727 [ty] Use datatest instead of dirtest (#21937)
  • f7ec178 [ty] Gracefully handle client requests that can't be deserialized (#22051)
  • c315164 [ty] Don't suggest keyword statements when only expressions are valid
  • bb1955e [ty] Use cursor context in a few more places...
  • 070e08a [ty] Move completion function to the top
  • bab3924 [ty] Refactor completion generation
  • 10748b2 [flake8-pytest-style] Allow match and check keyword arguments without a...
  • 56539db [ty] Fix some configuration panics in the LSP (#22040)
  • 8d32ad1 [ty] Add support for attribute docstrings (#22036)
  • Additional commits viewable in compare view

Updates mypy from 1.19.0 to 1.19.1

Changelog

Sourced from mypy's changelog.

Mypy 1.19.1

  • Fix noncommutative joins with bounded TypeVars (Shantanu, PR 20345)
  • Respect output format for cached runs by serializing raw errors in cache metas (Ivan Levkivskyi, PR 20372)
  • Allow types.NoneType in match cases (A5rocks, PR 20383)
  • Fix mypyc generator regression with empty tuple (BobTheBuidler, PR 20371)
  • Fix crash involving Unpack-ed TypeVarTuple (Shantanu, PR 20323)
  • Fix crash on star import of redefinition (Ivan Levkivskyi, PR 20333)
  • Fix crash on typevar with forward ref used in other module (Ivan Levkivskyi, PR 20334)
  • Fail with an explicit error on PyPy (Ivan Levkivskyi, PR 20389)

Acknowledgements

Thanks to all mypy contributors who contributed to this release:

  • A5rocks
  • BobTheBuidler
  • bzoracler
  • Chainfire
  • Christoph Tyralla
  • David Foster
  • Frank Dana
  • Guo Ci
  • iap
  • Ivan Levkivskyi
  • James Hilton-Balfe
  • jhance
  • Joren Hammudoglu
  • Jukka Lehtosalo
  • KarelKenens
  • Kevin Kannammalil
  • Marc Mueller
  • Michael Carlstrom
  • Michael J. Sullivan
  • Piotr Sawicki
  • Randolf Scholz
  • Shantanu
  • Sigve Sebastian Farstad
  • sobolevn
  • Stanislav Terliakov
  • Stephen Morton
  • Theodore Ando
  • Thiago J. Barbalho
  • wyattscarpenter

I’d also like to thank my employer, Dropbox, for supporting mypy development.

Mypy 1.18

We’ve just uploaded mypy 1.18.1 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features, performance

... (truncated)

Commits

Updates caldav from 2.1.2 to 2.2.3

Release notes

Sourced from caldav's releases.

v2.2.3 - multiplexing/authentication workaround

Users of the ckulka/baikal:nginx docker image could not get HTTP/2 multiplexing to work together with authentication. Workarounds done to turn off multiplexing on affected systems.

v2.2 - compatibility work and misc

Highlights:

  • New ways to set up client connections:
    • For cloud-based services, it should suffice to pass username, password and the name of the service, no URL needed (though, just some few providers supported so far)
    • If the username is in email format, then it's generally not needed to pass a URL.
  • v2.2 comes with lots of workarounds around lack of feature support in the servers - notably the sync-token API will work also towards servers not supporting sync-tokens. In some cases lack of server functionality is detected, but as for now it may be needed to specify what server one is user through the features configuration flag.
  • v2.2 supports more complex searches. Client-side filtering will be utilized for the things that aren't supported on the server side.

v2.2.1 comes with the requests dependency, v2.2.2 comes with niquests dependency (and v2.2.0 with a non-existing riquests dependency ... duh)

Changelog

Sourced from caldav's changelog.

[2.2.3] - [2025-12-06]

Fixed

  • Some servers did not support the combination of HTTP/2-multiplexing and authentication. Two workarounds fixed; baikal will specifically not use multiplexing, and an attempt to authenticate without multiplexing will be made upon authentication problems. Fixes python-caldav/caldav#564
  • The DTSTAMP is mandatory in icalendar data. The vcal.fix-scrubber has been updated to make up a DTSTAMP if it's missing. Fixes python-caldav/caldav#504

[2.2.2] - [2025-12-04]

2.2.1 is released with requests support (mispelled riquests in 2.2.0), 2.2.2 with niquests support

[2.2.1] - [2025-12-04]

Highlights:

  • New ways to set up client connections:
    • For cloud-based services, it should suffice to pass username, password and the name of the service, no URL needed (though, just some few providers supported so far)
    • If the username is in email format, then it's generally not needed to pass a URL.
  • v2.2 comes with lots of workarounds around lack of feature support in the servers - notably the sync-token API will work also towards servers not supporting sync-tokens. In some cases lack of server functionality is detected, but as for now it may be needed to specify what server one is user through the features configuration flag.
  • v2.2 supports more complex searches. Client-side filtering will be utilized for the things that aren't supported on the server side.

Potentially Breaking Changes

(More information on the changes in the Changed section)

  • Search results may differ due to workarounds for various server compatibility problems. For some use cases this may be a breaking change. https://xkcd.com/1172/
  • New dependencies. As far as I understand the SemVer standard, new dependencies can be added without increasing the major version number - but for some scenarios where it's hard to add new dependencies, this may be a breaking change.
    • The python-dns package is used for RFC6764 discovery. This is a well-known package, so the security impact should be low. This library is only used when doing such a recovery. If anyone minds this dependency, I can change the project so this becomes an optional dependency.
    • Some code has been split out into a new package - icalendar-searcher. so this may also break if you manage the dependencies manually. As this package was made by the maintainer of the CalDAV package, the security impact of adding this dependency should be low.
  • Potentially major performance problems: rather than throwing errors, the sync-token-API may now fetch the full calendar. This change is intended to be un-breaking, but for people having very big calendars and syncing them to a mobile device with limited memory, bandwidth, CPU and battery, this change may be painful. (If a servers is marked to have "fragile" support for sync-tokens, the fallback will apply to those servers too).
  • Very slow test suite due to lots of docker-containers spun up with verious server implementations. See the "Test Suite" section below.

Changed

  • Transparent handling of calendar servers not supporting sync-tokens. The API will yield the same result, albeit with more bandwidth and memory consumption.
  • I'm still working on "compatibility hints". Unfortunately, documentation is still missing.
  • Major refactoring! Some of the logic has been pushed out of the CalDAV package and into a new package, icalendar-searcher. New logic for doing client-side filtering of search results have also been added to that package. This refactoring enables possibilities for more advanced search queries as well as client-side filtering.
    • For advanced search queries, it's needed to create a caldav.CalDAVSearcher object, add filters and do a searcher.search(cal) instead of doing cal.search(...).
  • Server compatibility improvements: Significant work-arounds added for inconsistent CalDAV server behavior, aiming for consistent search results regardless of the server in use. Many of these work-arounds require proper server compatibility configuration via the features / compatibility_hints system. This may be a breaking change for some use cases, as backward-bug-compatibility is not preserved - searches may return different results if the previous behavior was relying on server quirks.

Fixed

  • As noted above, quite some changes have been done to searches. One may argue if this is breaking changes, changes or bugfixes. At least github issues #434, #461, #566 and #509 has been closed in the process.
  • A minor bug in the FeatureSet constructor was fixed, sometimes information could be lost.
  • Downgraded a CRITICAL error message to INFO, for some conditions that clearly wasn't CRITICAL (HTML error responses from server or wrong content-type given, when XML was expected)
  • Probably some other minor bug fixes (though, most of the bugs fixed in this release was introduced after 2.1.2)
  • A user managed to trigger a crash bug in the search in python-caldav/caldav#587 - this has indirectly been fixed through the refactorings.

Added

... (truncated)

Commits
  • 6134ddc preparing for releasing v2.2.3
  • 8bf9e03 Workarounds for servers not supporting multiplexing auth
  • 146ca93 Add a DTSTAMP in events that are missing them.
  • d045494 Various document fixes
  • 07e6833 Updated outdated security information about RFC6764
  • 796de06 Grammar typo in SECURITY.md
  • 00aced3 tweaks to the CHANGELOG
  • 89a5cae v2.2.2 - niquests version of v2.2
  • 8987a8a v2.2.1 - typo fix: requess, not riquests
  • e502d47 v2.0.0 will be based on requests
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
deps(deps): bump the pip group with 3 updates
849653a 
Bumps the pip group with 3 updates: [ruff](https://github.com/astral-sh/ruff), [mypy](https://github.com/python/mypy) and [caldav](https://github.com/python-caldav/caldav).


Updates `ruff` from 0.14.7 to 0.14.10
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.14.7...0.14.10)

Updates `mypy` from 1.19.0 to 1.19.1
- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md)
- [Commits](python/mypy@v1.19.0...v1.19.1)

Updates `caldav` from 2.1.2 to 2.2.3
- [Release notes](https://github.com/python-caldav/caldav/releases)
- [Changelog](https://github.com/python-caldav/caldav/blob/master/CHANGELOG.md)
- [Commits](python-caldav/caldav@v2.1.2...v2.2.3)

---
updated-dependencies:
- dependency-name: ruff
  dependency-version: 0.14.10
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: pip
- dependency-name: mypy
  dependency-version: 1.19.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: pip
- dependency-name: caldav
  dependency-version: 2.2.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Jan 1, 2026
@dependabot dependabot bot requested a review from jelmer as a code owner January 1, 2026 03:34
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Jan 1, 2026
@github-actions github-actions bot enabled auto-merge (squash) January 1, 2026 04:08
@github-actions github-actions bot merged commit 10022ad into master Jan 1, 2026
39 of 41 checks passed
@github-actions github-actions bot deleted the dependabot/pip/pip-c6a9901237 branch January 1, 2026 04:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jelmer jelmer Awaiting requested review from jelmer jelmer is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant