Skip to content

Bump the workflows-dependencies group across 1 directory with 3 updates#8

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/dot-github/workflows/workflows-dependencies-4d2ad41e44
Open

Bump the workflows-dependencies group across 1 directory with 3 updates#8
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/dot-github/workflows/workflows-dependencies-4d2ad41e44

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Mar 1, 2026

Bumps the workflows-dependencies group with 3 updates in the /.github/workflows directory: nox, pip and poetry.

Updates nox from 2025.11.12 to 2026.2.9

Release notes

Sourced from nox's releases.

2026.02.09 ❤️‍🩹

This small release supports uv 0.10's new requirement that --clear be passed to clear an environment. Python 3.8 support was temporarily re-added since uv 0.10 still supports 3.8, so nox on 3.8 was affected.

We'd like to thank the following folks who contributed to this release:

Bugfixes:

Internal changes:

Documentation:

Changelog

Sourced from nox's changelog.

Changelog

2026.02.09

This small release supports uv 0.10's new requirement that --clear be passed to clear an environment. Python 3.8 support was temporarily re-added since uv 0.10 still supports 3.8, so nox on 3.8 was affected.

We'd like to thank the following folks who contributed to this release:

Bugfixes:

Internal changes:

Documentation:

Commits

Updates pip from 25.3 to 26.0.1

Changelog

Sourced from pip's changelog.

26.0.1 (2026-02-04)

Bug Fixes

  • Fix --pre not being respected from the command line when a requirement file includes an option e.g. -extra-index-url. ([#13788](https://github.com/pypa/pip/issues/13788) <https://github.com/pypa/pip/issues/13788>_)

26.0 (2026-01-30)

Deprecations and Removals

  • Remove support for non-bare project names in egg fragments. Affected users should use the Direct URL requirement syntax <https://packaging.python.org/en/latest/specifications/version-specifiers/#direct-references>. ([#13157](https://github.com/pypa/pip/issues/13157) <https://github.com/pypa/pip/issues/13157>)

Features

  • Display pip's command-line help in colour, if possible. ([#12134](https://github.com/pypa/pip/issues/12134) <https://github.com/pypa/pip/issues/12134>_)

  • Support installing dependencies declared with inline script metadata (:pep:723) with --requirements-from-script. ([#12891](https://github.com/pypa/pip/issues/12891) <https://github.com/pypa/pip/issues/12891>_)

  • Add --all-releases and --only-final options to control pre-release and final release selection during package installation. ([#13221](https://github.com/pypa/pip/issues/13221) <https://github.com/pypa/pip/issues/13221>_)

  • Add --uploaded-prior-to option to only consider packages uploaded prior to a given datetime when the upload-time field is available from a remote index. ([#13625](https://github.com/pypa/pip/issues/13625) <https://github.com/pypa/pip/issues/13625>_)

  • Add --use-feature inprocess-build-deps to request that build dependencies are installed within the same pip install process. This new mechanism is faster, supports --no-clean and --no-cache-dir reliably, and supports prompting for authentication.

    Enabling this feature will also enable --use-feature build-constraints. This feature will become the default in a future pip version. ([#9081](https://github.com/pypa/pip/issues/9081) <https://github.com/pypa/pip/issues/9081>_)

  • pip cache purge and pip cache remove now clean up empty directories and legacy files left by older pip versions. ([#9058](https://github.com/pypa/pip/issues/9058) <https://github.com/pypa/pip/issues/9058>_)

Bug Fixes

  • Fix selecting pre-release versions when only pre-releases match. For example, package>1.0 with versions 1.0, 2.0rc1 now installs 2.0rc1 instead of failing. ([#13746](https://github.com/pypa/pip/issues/13746) <https://github.com/pypa/pip/issues/13746>_)
  • Revisions in version control URLs now must be percent-encoded. For example, use git+https://example.com/repo.git@issue%231 to specify the branch issue#1. If you previously used a branch name containing a % character in a version control URL, you now need to replace it with %25 to ensure correct percent-encoding. ([#13407](https://github.com/pypa/pip/issues/13407) <https://github.com/pypa/pip/issues/13407>_)
  • Preserve original casing when a path is displayed. ([#6823](https://github.com/pypa/pip/issues/6823) <https://github.com/pypa/pip/issues/6823>_)
  • Fix bash completion when the $IFS variable has been modified from its default. ([#13555](https://github.com/pypa/pip/issues/13555) <https://github.com/pypa/pip/issues/13555>_)
  • Precompute Python requirements on each candidate, reducing time of long resolutions. ([#13656](https://github.com/pypa/pip/issues/13656) <https://github.com/pypa/pip/issues/13656>_)
  • Skip redundant work converting version objects to strings when using the

... (truncated)

Commits

Updates poetry from 2.2.1 to 2.3.2

Release notes

Sourced from poetry's releases.

2.3.2

Changed

  • Allow dulwich>=1.0 (#10701).

poetry-core (2.3.1)

  • Fix an issue where platform_release could not be parsed on Windows Server (#911).

2.3.1

Fixed

  • Fix an issue where cached information about each package was always considered outdated (#10699).

Docs

  • Document SHELL_VERBOSITY environment variable (#10678).

2.3.0

Added

  • Add support for exporting pylock.toml files with poetry-plugin-export (#10677).
  • Add support for specifying build constraints for dependencies (#10388).
  • Add support for publishing artifacts whose version is determined dynamically by the build-backend (#10644).
  • Add support for editable project plugins (#10661).
  • Check requires-poetry before any other validation (#10593).
  • Validate the content of project.readme when running poetry check (#10604).
  • Add the option to clear all caches by making the cache name in poetry cache clear optional (#10627).
  • Automatically update the cache for packages where the locked files differ from cached files (#10657).
  • Suggest to clear the cache if running a command with --no-cache solves an issue (#10585).
  • Propose poetry init when trying poetry new for an existing directory (#10563).
  • Add support for poetry publish --skip-existing for new Nexus OSS versions (#10603).
  • Show Poetry's own Python's path in poetry debug info (#10588).

Changed

  • Drop support for Python 3.9 (#10634).
  • Change the default of installer.re-resolve from true to false (#10622).
  • PEP 735 dependency groups are considered in the lock file hash (#10621).
  • Deprecate poetry.utils._compat.metadata, which is sometimes used in plugins, in favor of importlib.metadata (#10634).
  • Improve managing free-threaded Python versions with poetry python (#10606).
  • Prefer JSON API to HTML API in legacy repositories (#10672).
  • When running poetry init, only add the readme field in the pyproject.toml if the readme file exists (#10679).
  • Raise an error if no hash can be determined for any distribution link of a package (#10673).
  • Require dulwich>=0.25.0 (#10674).

Fixed

  • Fix an issue where poetry remove did not work for PEP 735 dependency groups with include-group items (#10587).
  • Fix an issue where poetry remove caused dangling include-group references in PEP 735 dependency groups (#10590).

... (truncated)

Changelog

Sourced from poetry's changelog.

[2.3.2] - 2026-02-01

Changed

  • Allow dulwich>=1.0 (#10701).

poetry-core (2.3.1)

  • Fix an issue where platform_release could not be parsed on Windows Server (#911).

[2.3.1] - 2026-01-20

Fixed

  • Fix an issue where cached information about each package was always considered outdated (#10699).

Docs

  • Document SHELL_VERBOSITY environment variable (#10678).

[2.3.0] - 2026-01-18

Added

  • Add support for exporting pylock.toml files with poetry-plugin-export (#10677).
  • Add support for specifying build constraints for dependencies (#10388).
  • Add support for publishing artifacts whose version is determined dynamically by the build-backend (#10644).
  • Add support for editable project plugins (#10661).
  • Check requires-poetry before any other validation (#10593).
  • Validate the content of project.readme when running poetry check (#10604).
  • Add the option to clear all caches by making the cache name in poetry cache clear optional (#10627).
  • Automatically update the cache for packages where the locked files differ from cached files (#10657).
  • Suggest to clear the cache if running a command with --no-cache solves an issue (#10585).
  • Propose poetry init when trying poetry new for an existing directory (#10563).
  • Add support for poetry publish --skip-existing for new Nexus OSS versions (#10603).
  • Show Poetry's own Python's path in poetry debug info (#10588).

Changed

  • Drop support for Python 3.9 (#10634).
  • Change the default of installer.re-resolve from true to false (#10622).
  • PEP 735 dependency groups are considered in the lock file hash (#10621).
  • Deprecate poetry.utils._compat.metadata, which is sometimes used in plugins, in favor of importlib.metadata (#10634).
  • Improve managing free-threaded Python versions with poetry python (#10606).
  • Prefer JSON API to HTML API in legacy repositories (#10672).
  • When running poetry init, only add the readme field in the pyproject.toml if the readme file exists (#10679).
  • Raise an error if no hash can be determined for any distribution link of a package (#10673).
  • Require dulwich>=0.25.0 (#10674).

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the workflows-dependencies group across 1 directory with 3 updates
01f9abe 
Bumps the workflows-dependencies group with 3 updates in the /.github/workflows directory: [nox](https://github.com/wntrblm/nox), [pip](https://github.com/pypa/pip) and [poetry](https://github.com/python-poetry/poetry).


Updates `nox` from 2025.11.12 to 2026.2.9
- [Release notes](https://github.com/wntrblm/nox/releases)
- [Changelog](https://github.com/wntrblm/nox/blob/main/CHANGELOG.md)
- [Commits](wntrblm/nox@2025.11.12...2026.02.09)

Updates `pip` from 25.3 to 26.0.1
- [Changelog](https://github.com/pypa/pip/blob/main/NEWS.rst)
- [Commits](pypa/pip@25.3...26.0.1)

Updates `poetry` from 2.2.1 to 2.3.2
- [Release notes](https://github.com/python-poetry/poetry/releases)
- [Changelog](https://github.com/python-poetry/poetry/blob/main/CHANGELOG.md)
- [Commits](python-poetry/poetry@2.2.1...2.3.2)

---
updated-dependencies:
- dependency-name: nox
  dependency-version: 2026.2.9
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: workflows-dependencies
- dependency-name: pip
  dependency-version: 26.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: workflows-dependencies
- dependency-name: poetry
  dependency-version: 2.3.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: workflows-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Mar 1, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants