◐ Shell
clean mode source ↗

chore(deps): update all non-major dependencies by renovate[bot] · Pull Request #3397 · python-gitlab/python-gitlab

renovate

This PR contains the following updates:

Package Type Update Change Age Confidence
actions/stale action minor v10.2.0v10.3.0 age confidence
black (changelog) minor ==26.3.1==26.5.1 age confidence
codecov/codecov-action action patch v6.0.0v6.0.1 age confidence
commitizen (changelog) minor ==4.15.0==4.16.2 age confidence
commitizen-tools/commitizen repository minor v4.15.0v4.16.2 age confidence
coverage minor ==7.13.5==7.14.0 age confidence
dessant/lock-threads action patch v6.0.0v6.0.1 age confidence
maxbrunet/pre-commit-renovate repository minor 43.141.243.150.0 age confidence
myst-parser minor ==5.0.0==5.1.0 age confidence
psf/black repository minor 26.3.126.5.1 age confidence
python final minor 3.12-alpine3.14-alpine age confidence
python stage minor 3.12-alpine3.14-alpine age confidence
requests (changelog) minor ==2.33.1==2.34.2 age confidence
responses (changelog) patch ==0.26.0==0.26.1 age confidence
types-PyYAML (changelog) patch ==6.0.12.20260408==6.0.12.20260518 age confidence
types-requests (changelog) patch ==2.33.0.20260503==2.33.0.20260518 age confidence
types-setuptools (changelog) patch ==82.0.0.20260408==82.0.0.20260518 age confidence

Note: The pre-commit manager in Renovate is not supported by the pre-commit maintainers or community. Please do not report any problems there, instead create a Discussion in the Renovate repository if you have any questions.

Release Notes

actions/stale (actions/stale)

v10.3.0

Compare Source

psf/black (black)

v26.5.1

Compare Source

Stable style
  • Fix unstable formatting of annotated assignments whose subscript annotation contains
    an inline comment (e.g. x: list[ # pyright: ignore[...]) (#​5130)
  • Preserve inline comments (including # type: ignore) immediately before a
    # fmt: skip line, avoiding AST equivalence failures (#​5139)
Packaging
  • Correct the version in the published executables (#​5137)
Documentation
  • Add Neovim integration guide covering conform.nvim, ALE, and simple command approaches
    (#​5124)

v26.5.0

Compare Source

Highlights
  • Add support for unpacking in comprehensions (PEP 798) and for lazy imports (PEP 810),
    both new syntactic features in Python 3.15 (#​5048)
  • Python 3.15 is now supported. Compiled wheels are not yet provided for Python 3.15, so
    performance may be slower than on existing Python versions. Wheels will be provided
    once Python 3.15 is later in its release cycle. (#​5127)
Stable style
  • Fix # fmt: skip being ignored in nested if expressions with parenthesized in
    clauses (#​4903)
  • Add syntactic support for Python 3.15 (#​5048)
  • Fix crash when an f-string follows a # fmt: off comment inside brackets (#​5097)
  • Preserve multiline compound statement headers when # fmt: skip is placed on the
    colon line (#​5117)
Preview style
  • Improve heuristics around whether blank lines should appear before, within and after
    groups of same-name decorated functions (such as @overload groups) in .pyi stub
    files (#​5021)
  • Fix blank lines being removed between a function and a decorated class in .pyi stub
    files (#​5092)
  • Prevent string merger from creating unsplittable long lines when a pragma comment
    (e.g. # type: ignore) follows the closing bracket (#​5096)
Packaging
Output
  • Improve parse error readability by showing multi-line output with an error pointer.
    (#​5068)
  • Add SourceASTParseError to distinguish source parse failures from internal safety
    errors, improving error reporting when Black's lenient parser accepts input that
    ast.parse() rejects (#​5080)
Blackd
  • Return HTTP 400 (Bad Request) for source parse failures instead of HTTP 500, keeping
    HTTP 500 only for genuine internal safety errors (#​5080)
Integrations
  • Added documentation for doctest formatting tools and updated the integrations index to
    match (#​4916)
Documentation
  • Use "Version X.Y.Z" headings in changelog for stable permalink anchors on ReadTheDocs
    (#​5063)
  • Note in the editor integrations that the SublimeText sublack plugin is archived and
    unmaintained (#​5082)
codecov/codecov-action (codecov/codecov-action)

v6.0.1

Compare Source

commitizen-tools/commitizen (commitizen)

v4.16.2

Compare Source

v4.16.2 (2026-05-15)

Fix
  • tags: widen prerelease and devrelease tag regexes for SemVer2 (#​1972)

v4.16.1

Compare Source

v4.16.1 (2026-05-15)

Fix
  • cz_customize: derive bump_map_major_version_zero from bump_map (#​1977)

v4.16.0

Compare Source

v4.16.0 (2026-05-12)

Feat
  • hooks: support interactive hooks scripts

v4.15.1

Compare Source

v4.15.1 (2026-05-06)

Fix
  • security: prevent command injection via shell=True (CWE-78) (#​1941)
coveragepy/coveragepy (coverage)

v7.14.0

Compare Source

  • Feature: now when running one of the reporting commands, if there are
    parallel data files that need combining, they will be implicitly combined
    before creating the report. There is no option to avoid the combination; let
    us know if you have a use case that requires it. Thanks, Tim Hatch <pull 2162_>. Closes issue 1781.

  • Fix: the output from combine was too verbose, listing each file
    considered. Now it shows a single line with the counts of files combined,
    files skipped, and files with errors. The -q flag suppresses this line.
    The old detailed lines are available with the new --debug=combine option.

  • Fix: running a Python file through a symlink now sets the sys.path correctly,
    matching regular Python behavior. Fixes issue 2157_.

  • Fix: Collector.flush_data could fail with "RuntimeError: Set changed
    size during iteration" when a tracer in another thread added a line to the
    per-file set that add_lines (or add_arcs) was iterating. The values
    passed to CoverageData are now snapshotted via dict.copy() and
    set.copy(), which are atomic under the GIL. Thanks, Alex Vandiver <pull 2165_>_.

  • Fix: the soft keyword lazy is now bolded in HTML reports.

  • We are no longer testing eventlet support. Eventlet started issuing stern
    deprecation warnings that break our tests. Our support code is still there.

.. _issue 1781: #​1781
.. _issue 2157: #​2157
.. _pull 2162: #​2162
.. _pull 2165: #​2165

.. _changes_7-13-5:

dessant/lock-threads (dessant/lock-threads)

v6.0.1

Compare Source

Learn more about this release from the changelog.

maxbrunet/pre-commit-renovate (maxbrunet/pre-commit-renovate)

v43.150.0

Compare Source

See https://github.com/renovatebot/renovate/releases/tag/43.150.0 for more changes

executablebooks/MyST-Parser (myst-parser)

v5.1.0

Compare Source

✨ New Features
  • ✨ Add "alert" syntax extension for GFM alerts (e.g. > [!NOTE]), see by gh-user:chrisjsewell in gh-pr:1128
  • ✨ Add "gfm_autolink" syntax extension for GFM autolinks, see by gh-user:chrisjsewell in gh-pr:1128
  • ✨ Add myst_strikethrough_single_tilde config option to allow single tilde (~) for strikethrough by gh-user:chrisjsewell in gh-pr:1128
  • ✨ Add myst_colon_fence_exact_match config option to require the closing colon fence to have exactly the same number of colons as the opening, see by gh-user:chrisjsewell in gh-pr:1128
👌 Improvements
  • 👌 Update myst_gfm_only mode to use the unified gfm_plugin, which now includes GFM autolinks, alerts, and improved strikethrough/tasklist handling by gh-user:chrisjsewell in gh-pr:1128
  • 👌 Improve MathJax 4 compatibility for Sphinx 9 by gh-user:chrisjsewell in gh-pr:1110
  • 👌 Stop directive-option parsing at colon fences, fixing nested colon fence directives by gh-user:chrisjsewell in gh-pr:1133
🐛 Bug Fixes
  • 🐛 Use docname instead of source path in warning locations by gh-user:chrisjsewell in gh-pr:1114
  • 🐛 Correctly encode & in Markdown URLs by not HTML-escaping refuri by gh-user:chrisjsewell in gh-pr:1126
  • 🐛 Fix RemovedInSphinx10Warning for inventory item iteration by gh-user:chrisjsewell in gh-pr:1129
  • 🐛 Pin mdit-py-plugins>=0.6.1 for nested field list fix by gh-user:chrisjsewell in gh-pr:1134
⬆️ Dependency Upgrades
  • ⬆️ Upgrade to markdown-it-py~=4.2 and mdit-py-plugins~=0.6 by gh-user:chrisjsewell in gh-pr:1128
  • ⬆️ Update pygments requirement from <2.20 to <2.21 by gh-user:chrisjsewell in gh-pr:1117

Full Changelog: v5.0.0...v5.1.0

psf/requests (requests)

v2.34.2

Compare Source

  • Moved headers input type back to Mapping to avoid invariance issues
    with MutableMapping and inferred dict types. Users calling
    Request.headers.update() may need to narrow typing in their code. (#​7441)

v2.34.1

Compare Source

Bugfixes

  • Widened json input type from dict and list to Mapping
    and Sequence. (#​7436)
  • Changed headers input type to MutableMapping and removed None from
    Request.headers typing to improve handling for users. (#​7431)
  • Response.reason moved from str | None to str to improve handling
    for users. (#​7437)
  • Fixed a bug where some bodies with custom __getattr__ implementations
    weren't being properly detected as Iterables. (#​7433)

v2.34.0

Compare Source

Announcements

  • Requests 2.34.0 introduces inline types, replacing those provided by
    typeshed. Public API types should be fully compatible with mypy, pyright,
    and ty. We believe types are comprehensive but if you find issues, please
    report them to the pinned tracking issue.

    Special thanks to @​bastimeyer, @​cthoyt, @​edgarrmondragon, and @​srittau for
    helping review and test the types ahead of the release. (#​7272)

Improvements

  • Digest Auth hashing algorithms have added usedforsecurity=False to clarify
    security considerations. (#​7310)
  • Requests added support for Python 3.15 based on beta1. Downstream projects
    should be able to start testing prior to its release in October. (#​7422)
  • Requests added support for Python 3.14t. (#​7419)

Bugfixes

  • Response.history no longer contains a reference to itself, preventing
    accidental looping when traversing the history list. (#​7328)
  • Requests no longer performs greedy matching on no_proxy domains. The
    proxy_bypass implementation has been updated with CPython's fix from
    bpo-39057. (#​7427)
  • Requests no longer incorrectly strips duplicate leading slashes in
    URI paths. This should address user issues with specific presigned
    URLs. Note the full fix requires urllib3 2.7.0+. (#​7315)
getsentry/responses (responses)

v0.26.1

Compare Source

  • Added Spanish translation of the README (README.es.rst)
  • When both content_type and headers['content-type'] are in a response mock file,
    content_type is now used.
  • Added strict_match to urlencoded_params_matcher, enabling partial request parameter
    matching.

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • Between 12:00 AM and 03:59 AM, only on Monday (* 0-3 * * 1)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.