Bump the python-dependencies group across 1 directory with 16 updates

[dependabot]

Updates the requirements on filelock, fonttools, huggingface-hub, matplotlib, opencv-python, pillow, platformdirs, regex, requests, torch, tqdm, transformers, urllib3, protobuf, pytest and uv-build to permit the latest version.
Updates filelock from 3.20.3 to 3.29.1

Release notes

Sourced from filelock's releases.

3.29.1

What's Changed

• docs: fix API docs of release() by @​MrAnno in tox-dev/filelock#540
• docs: clarify per-thread scope of FileLock configuration by @​Gares95 in tox-dev/filelock#543
• chore: improve filelock maintenance path by @​lphuc2250gma in tox-dev/filelock#542
• chore: improve filelock maintenance path by @​lphuc2250gma in tox-dev/filelock#544
• chore: improve filelock maintenance path by @​lphuc2250gma in tox-dev/filelock#545
• 🐛 fix(soft): refuse to follow symlinks when reading the lock file by @​dxbjavid in tox-dev/filelock#548

New Contributors

• @​MrAnno made their first contribution in tox-dev/filelock#540
• @​Gares95 made their first contribution in tox-dev/filelock#543
• @​lphuc2250gma made their first contribution in tox-dev/filelock#542
• @​dxbjavid made their first contribution in tox-dev/filelock#548

Full Changelog: tox-dev/filelock@3.29.0...3.29.1

3.29.0

What's Changed

• 🐛 fix(async): use single-thread executor for lock consistency by @​gaborbernat in tox-dev/filelock#533
• ✨ feat(soft): enable stale lock detection on Windows by @​gaborbernat in tox-dev/filelock#534

Full Changelog: tox-dev/filelock@3.28.0...3.29.0

3.28.0

What's Changed

• 🐛 fix(ci): unbreak release workflow, publish to PyPI again by @​gaborbernat in tox-dev/filelock#529

Full Changelog: tox-dev/filelock@3.27.0...3.28.0

3.27.0

What's Changed

• ✨ feat(rw): add SoftReadWriteLock for NFS and HPC clusters by @​gaborbernat in tox-dev/filelock#528

Full Changelog: tox-dev/filelock@3.26.1...3.27.0

3.26.1

... (truncated)

Changelog

Sourced from filelock's changelog.

########### Changelog ###########

---

3.29.1 (2026-06-03)

---

• 🐛 fix(soft): refuse to follow symlinks when reading the lock file :pr:548 - by :user:dxbjavid
• [pre-commit.ci] pre-commit autoupdate :pr:547 - by :user:pre-commit-ci[bot]
• [pre-commit.ci] pre-commit autoupdate :pr:546 - by :user:pre-commit-ci[bot]
• chore: improve filelock maintenance path :pr:545 - by :user:lphuc2250gma
• chore: improve filelock maintenance path :pr:544 - by :user:lphuc2250gma
• chore: improve filelock maintenance path :pr:542 - by :user:lphuc2250gma
• docs: clarify per-thread scope of FileLock configuration :pr:543 - by :user:Gares95
• [pre-commit.ci] pre-commit autoupdate :pr:541 - by :user:pre-commit-ci[bot]
• docs: fix API docs of release() :pr:540 - by :user:MrAnno
• [pre-commit.ci] pre-commit autoupdate :pr:539 - by :user:pre-commit-ci[bot]
• [pre-commit.ci] pre-commit autoupdate :pr:538 - by :user:pre-commit-ci[bot]
• [pre-commit.ci] pre-commit autoupdate :pr:537 - by :user:pre-commit-ci[bot]
• build(deps): bump astral-sh/setup-uv from 8.0.0 to 8.1.0 :pr:536 - by :user:dependabot[bot]
• [pre-commit.ci] pre-commit autoupdate :pr:535 - by :user:pre-commit-ci[bot]

---

3.29.0 (2026-04-19)

---

• ✨ feat(soft): enable stale lock detection on Windows :pr:534
• 🐛 fix(async): use single-thread executor for lock consistency :pr:533
• build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 :pr:530 - by :user:dependabot[bot]

---

3.28.0 (2026-04-14)

---

• 🐛 fix(ci): unbreak release workflow, publish to PyPI again :pr:529

---

3.26.1 (2026-04-09)

---

• 🐛 fix(asyncio): add exit to BaseAsyncFileLock and fix del loop handling :pr:518 - by :user:naarob
• build(deps): bump pypa/gh-action-pypi-publish from 1.13.0 to 1.14.0 :pr:525 - by :user:dependabot[bot]

---

3.26.0 (2026-04-06)

---

• ✨ feat(soft): add PID inspection and lock breaking :pr:524
• [pre-commit.ci] pre-commit autoupdate :pr:523 - by :user:pre-commit-ci[bot]

... (truncated)

Commits

• 438b6fe Release 3.29.1
• bfbfa76 🐛 fix(soft): refuse to follow symlinks when reading the lock file (#548)
• c51a72c [pre-commit.ci] pre-commit autoupdate (#547)
• cc05fd7 [pre-commit.ci] pre-commit autoupdate (#546)
• cb947e5 chore: improve filelock maintenance path (#545)
• e087ca9 chore: improve filelock maintenance path (#544)
• f9dd949 chore: improve filelock maintenance path (#542)
• 9200f1f docs: clarify per-thread scope of FileLock configuration (#543)
• 9d8985f [pre-commit.ci] pre-commit autoupdate (#541)
• 7d1f48c docs: fix API docs of release() (#540)
• Additional commits viewable in compare view

Updates fonttools from 4.61.1 to 4.63.0

Release notes

Sourced from fonttools's releases.

4.63.0

• [ttLib] Add support for Apple Color Emoji bgcl table (#4065).
• [ttLib] Add support for IFT and IFTX tables (Incremental Font Transfer, PatchMapFormat2) (#4070, #4072).
• [otData] Introduce FieldSpec dataclass for OpenType table schema definitions, replacing raw tuples in otData.py (#4076).
• [Feat] Show name table strings as comments next to label IDs in TTX output, matching the convention used by fvar, STAT, trak (#4089).
• [cu2qu] Fix Cython complex-division rounding difference in split_cubic_into_three that could cause ±1 off-curve coordinate shifts (#3928, #4083).
• [designspaceLib] Fix map_backwardgooglefonts/ufo2ft#978#4085).
• [OS/2] Fix setUnicodeRanges to accept reserved bits 123-127, restoring round-trip with getUnicodeRanges and fixing recalcUnicodeRanges crash in the subsetter (#4087, #4088).
• [cython] Declare Cython extensions as free-threading compatible on Python 3.13+, so that importing them on free-threaded Python no longer re-enables the GIL (#4073, #4090).

4.62.1

• [feaLib] Extend contextual rule merging to all rule types: single subst, GSUB/GPOS named lookups, ignore rules, and chained alternate subst (#4061).

4.62.0

• [diff] Add new fonttools diff command for comparing font files, imported from the fdiff project and heavily reworked (#1190, #4007, #4009, #4011, #4013, #4019).
• [feaLib] Fix VariableScalar interpolation bug with non-linear avar mappings. Also decouple VariableScalar from compiled fonts, allowing it to work with designspace data before compilation (#3938, #4054).
• [feaLib] Fix VariableScalar axis ordering and iterative delta rounding to match fontc behavior (#4053).
• [feaLib] Merge chained multi subst rules with same context into a single subtable instead of emitting one subtable per glyph (#4016, #4058).
• [feaLib] Pass location to ConditionsetStatementfontra/fontra-glyphs#130#4057).
• [feaLib] Write 0xFFFF instead of 0 for missing nameIDs in cv feature params (#4010, #4012).
• [cmap] Fix CmapSubtable.__lt__() TypeError on Python 3 when subtables share the same encoding record, and add compile-time validation for unique encoding records (#4035, #4055).
• [svgLib] Skip non-element XML nodes (comments, processing instructions) when drawing SVG paths (#4042, #4043).
• [glifLib] Fix regression reading glyph outlines when glyphObject=None (#4030, #4031).
• [pointPen] Fix SegmentToPointPen edge case: only remove a duplicate final point on closePath() if it is an on-curve point (#4014, #4015).
• [cffLib] SECURITY Replace eval() with safeEval() in parseBlendList() to prevent arbitrary code execution from crafted TTX files (#4039, #4040).
• [ttLib] Remove defunct Adobe SING Glyphlet tables (META, SING, GMAP, GPKG) (#4044).
• [varLib.interpolatable] Various bugfixes: fix swapped nodeTypes assignment, duplicate kink-detector condition, typos, CFF2 vsindex parsing, glyph existence check, and plot helpers (#4046).
• [varLib.models] Fix getSubModel not forwarding extrapolate/axisRanges; check location uniqueness after stripping zeros (#4047).
• [varLib] Fix --variable-fonts filter in build_many; remove dead code and fix comments (#4048).
• [avar] Preserve existing name table in build; keep unbuild return types consistent; validate map CLI coordinates (#4051).
• [cu2qu/qu2cu] Add input validation: reject non-positive tolerances, validate curve inputs and list lengths (#4052).
• [colorLib] Raise a clear ColorLibError when base glyphs are missing from glyphMap, instead of a confusing KeyError (#4041).
• [glyf] Remove unnecessary fvar table dependency (#4017).
• [fvar/trak] Remove unnecessary name table dependency (#4018).
• [ufoLib] Relax guideline validation to follow the updated spec (#3537, #3553).
• [ttFont] Fix saveXML regression with empty table lists, clarify docstring (#4025, #4026, #4056).
• [setup.py] Link libm for Cython extensions using math functions (#4028, #4029).
• Add typing annotations for DSIG, DefaultTable, ttProgram (#4033).

Changelog

Sourced from fonttools's changelog.

4.63.0 (released 2026-05-14)

• [ttLib] Add support for Apple Color Emoji bgcl table (#4065).
• [ttLib] Add support for IFT and IFTX tables (Incremental Font Transfer, PatchMapFormat2) (#4070, #4072).
• [otData] Introduce FieldSpec dataclass for OpenType table schema definitions, replacing raw tuples in otData.py (#4076).
• [Feat] Show name table strings as comments next to label IDs in TTX output, matching the convention used by fvar, STAT, trak (#4089).
• [cu2qu] Fix Cython complex-division rounding difference in split_cubic_into_three that could cause ±1 off-curve coordinate shifts (#3928, #4083).
• [designspaceLib] Fix map_backward for many-to-one (flat-segment) axis maps that silently dropped entries via dict comprehension googlefonts/ufo2ft#978#4085).
• [OS/2] Fix setUnicodeRanges to accept reserved bits 123-127, restoring round-trip with getUnicodeRanges and fixing recalcUnicodeRanges crash in the subsetter (#4087, #4088).
• [cython] Declare Cython extensions as free-threading compatible on Python 3.13+, so that importing them on free-threaded Python no longer re-enables the GIL (#4073, #4090).

4.62.1 (released 2026-03-13)

• [feaLib] Extend contextual rule merging to all rule types: single subst, GSUB/GPOS named lookups, ignore rules, and chained alternate subst (#4061).

4.62.0 (released 2026-03-09)

• [diff] Add new fonttools diff command for comparing font files, imported from the fdiff project and heavily reworked (#1190, #4007, #4009, #4011, #4013, #4019).
• [feaLib] Fix VariableScalar interpolation bug with non-linear avar mappings. Also decouple VariableScalar from compiled fonts, allowing it to work with designspace data before compilation (#3938, #4054).
• [feaLib] Fix VariableScalar axis ordering and iterative delta rounding to match fontc behavior (#4053).
• [feaLib] Merge chained multi subst rules with same context into a single subtable instead of emitting one subtable per glyph (#4016, #4058).
• [feaLib] Pass location to ConditionsetStatement to fix glyphsLib round-tripping fontra/fontra-glyphs#130#4057).
• [feaLib] Write 0xFFFF instead of 0 for missing nameIDs in cv feature params (#4010, #4012).
• [cmap] Fix CmapSubtable.__lt__() TypeError on Python 3 when subtables share the same encoding record, and add compile-time validation for unique encoding records (#4035, #4055).
• [svgLib] Skip non-element XML nodes (comments, processing instructions) when drawing SVG paths (#4042, #4043).

... (truncated)

Commits

• 978d9ed Release 4.63.0
• 6b40ecb Add changelog entries for 4.63.0
• 382a35f Merge pull request #4090 from fonttools/fix-freethreading-compat
• 0e999b5 Declare Cython extensions as free-threading compatible
• 9e55ea5 Merge pull request #4089 from fonttools/graphite-feat-labels
• e84db3a Merge pull request #4088 from fonttools/fix-setUnicodeRanges-bits-123-127
• d6eabd1 Feat: show name table strings as comments next to label IDs in ttx
• 7d0902b OS/2: fix setUnicodeRanges round-trip for reserved bits 123-127
• 06e266c Merge pull request #4085 from fonttools/fix-map-backward-non-injective
• 6d64598 Add more tests for map_backward with many-to-one axis maps
• Additional commits viewable in compare view

Updates huggingface-hub from 1.3.2 to 1.17.0

Release notes

Sourced from huggingface-hub's releases.

[v1.17.0] Cross-repo copies, ssh to Spaces, smarter CLI tables

📋 Copy files between repositories

You can now copy files or entire folders between different repositories on the Hub — model to model, model to dataset, any combination — without downloading or re-uploading data. CommitOperationCopy accepts src_repo_id and src_repo_type for cross-repo sources, and LFS blobs are deduplicated server-side via the /lfs-files/duplicate endpoint. Non-LFS files are fetched from the source repo and committed as regular payloads. copy_files and hf buckets cp now support repo-to-repo in addition to the existing bucket destinations.

>>> from huggingface_hub import copy_files
Copy an entire folder
>>> copy_files(
...     "hf://datasets/username/source-dataset/data/",
...     "hf://datasets/username/target-dataset/data/",
... )

• [Copy] Support cross-repo file copies by @​Wauplin in #4203

📚 Documentation: Upload guide — Copy files between repositories

🖥️ SSH into a Space with hf spaces ssh

A new hf spaces ssh command opens an SSH session directly into a Space's Dev Mode container. If Dev Mode is not enabled yet, the CLI prompts you to enable it. You can also use --dry-run to print the SSH command without running it, or -i to forward a specific key. Your SSH public key must be registered in your HF user settings.

# SSH into a Space
$ hf spaces ssh username/my-space
Print the SSH command without running it
$ hf spaces ssh username/my-space --dry-run

• [CLI] Add hf spaces ssh by @​gary149 in #4241

📚 Documentation: CLI guide — SSH into a Space | Spaces guide — SSH into a Space

📂 List all your repos with hf repos ls

A new hf repos ls command lists all your repositories — models, datasets, spaces, and buckets — with storage size and percentage of namespace total, sorted by storage usage. It supports --type, --search, --namespace, and --limit (default 30, --limit 0 for all), plus the standard --format family.

# List all your repos
$ hf repos ls
List all datasets under org with JSON output
$ hf repos ls --namespace my-org --type dataset --limit 0 --format json | jq '.[].id'

• [CLI] Add hf repos ls command by @​Wauplin in #4283

📚 Documentation: CLI guide — List repos | Repository guide — List your repositories

... (truncated)

Commits

• b529493 Release: v1.17.0
• e2f95ef Release: v1.17.0.rc0
• 06d2a3f [CLI] Add hf repos ls command (#4283)
• 714044e [Docs] Document missing parameters in lfs, hf_file_system, and repocard_data ...
• 5e8e940 [CLI] Auto right-align numeric columns in human table output (#4288)
• bb09fa4 [Copy] Support cross-repo file copies (#4203)
• b17ab0c [CLI] Drop legacy printing helpers from _cli_utils.py (#4285)
• 5c7920e [CLI] Migrate hf lfs-enable-largefiles, hf extensions, hf version to `o...
• ffc07b6 [Jobs] Decouple Job hardware from Spaces, auto-sync enums with Hub API (#4266)
• c06e976 [CLI] Auto-fit human tables to terminal width (#4251)
• Additional commits viewable in compare view

Updates matplotlib from 3.10.8 to 3.10.9

Release notes

Sourced from matplotlib's releases.

v3.10.9

This is a micro release of the v3.10.x series. Highlights of this release include:

• Various minor bug and doc fixes
• Security hardening validation of cyclers - Removing eval usage
• Security hardening in Latex and PS calls - Removing shell escapes

Commits

• dd8d78b REL: v3.10.9
• 2fb1891 REL: Release prep v3.10.9
• d0e923a Merge branch 'v3.10.8-doc' into v3.10.x
• 1637932 Merge pull request #31558 from meeseeksmachine/auto-backport-of-pr-31556-on-v...
• a83faac Backport PR #31556: FIX: Inverted PyErr_Occurred check in enum type caster (_...
• a4f57ab Merge pull request #31545 from ksunden/backport-of-pr-31282-on-v3.10.x
• 063288d Merge pull request #31544 from ksunden/backport-of-pr-31248-on-v3.10.x
• b2ed196 Backport PR #31248: SEC: Remove eval() from validate_cycler
• acc6024 Merge pull request #31282 from scottshambaugh/tex_no_shell
• e3fb541 Merge pull request #31078 from meeseeksmachine/auto-backport-of-pr-31075-on-v...
• Additional commits viewable in compare view

Updates opencv-python from 4.13.0.90 to 4.13.0.92

Release notes

Sourced from opencv-python's releases.

4.13.0.92

Follow up release for 4.13.0 with X server dependency fix. See #28438 for details.

Commits

• See full diff in compare view

Updates pillow from 12.1.1 to 12.2.0

Release notes

Sourced from pillow's releases.

12.2.0

https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html

Documentation

• Update 12.2.0 release notes #9522 [@​hugovk]
• Add loader plugins: AMOS abk, Atari Degas, 40+ more obscure formats via Netpbm #9482 [@​bitplane]
• Update Python versions #9515 [@​radarhere]
• Jeffrey A. Clark -> Jeffrey 'Alex' Clark #9513 [@​aclark4life]
• Add release notes for #9394, #9419 and #9456 #9467 [@​radarhere]
• Add Amiga Workbench .info loader to 3rd party plugins list #9459 [@​bitplane]
• Merge PFM documentation into PPM #9434 [@​radarhere]
• Update macOS tested Pillow versions #9431 [@​radarhere]
• Fix CVE number #9430 [@​hugovk]

Dependencies

• Update xz to 5.8.3 #9523 [@​radarhere]
• Update libjpeg-turbo to 3.1.4.1 #9507 [@​radarhere]
• Update libpng to 1.6.56 #9499 [@​radarhere]
• Update freetype to 2.14.3 #9485 [@​radarhere]
• Updated libavif to 1.4.1 #9479 [@​radarhere]
• Updated harfbuzz to 13.2.1 #9461 [@​radarhere]
• Update Ghostscript to 10.7.0 #9469 [@​radarhere]
• Update harfbuzz to 13.0.1 #9453 [@​radarhere]
• Update libavif to 1.4.0 #9460 [@​radarhere]
• Update freetype to 2.14.2 #9449 [@​radarhere]
• Update actions/download-artifact action to v8 #9451 [@renovate[bot]]
• Updated libpng to 1.6.55 #9425 [@​radarhere]

Testing

• Cleanup .spider extension in the same test where it is added #9517 [@​radarhere]
• Run tests in parallel via tox for 3.5x speedup #9516 [@​hugovk]
• Enable colour in CI logs #9486 [@​hugovk]
• Update Ghostscript to 10.7.0 #9469 [@​radarhere]
• Simplify TGA test code #9477 [@​radarhere]
• Update tests to check for ValueError when encoding an empty image #9464 [@​radarhere]
• Upgrade CI from macos-15-intel to macos-26-intel #9454 [@​hugovk]
• Add check-case-conflict hook #9446 [@​radarhere]
• Specify platform when pulling docker image #9440 [@​radarhere]
• GHA: Cache libavif and webp builds for Ubuntu #9437 [@​hugovk]
• Update macOS tested Pillow versions #9431 [@​radarhere]

Other changes

• Check calloc return value #9527 [@​radarhere]
• Check all allocs in the Arrow tree #9488 [@​wiredfool]
• Reject non-numeric elements inside list coords #9526 [@​hugovk]
• Move variable declaration inside define #9525 [@​radarhere]

... (truncated)

Commits

• 3c41c09 12.2.0 version bump
• cdaa29e Check calloc return value (#9527)
• 585b2f5 Check calloc return value
• ecf011e Check all allocs in the Arrow tree (#9488)
• cf6de8c Reject non-numeric elements inside list coords (#9526)
• ffdcede Update 12.2.0 release notes (#9522)
• 7929d77 Added security release notes (#149)
• c4f7aa5 Added security release notes
• 22cdb5f Move variable declaration inside define (#9525)
• fc15b3b Resize tall images vertically first (#9524)
• Additional commits viewable in compare view

Updates platformdirs from 4.5.1 to 4.10.0

Release notes

Sourced from platformdirs's releases.

4.10.0

What's Changed

• chore: improve platformdirs maintenance path by @​lphuc2250gma in tox-dev/platformdirs#488
• ✨ feat: add user_projects_dir for $XDG_PROJECTS_DIR by @​gaborbernat in tox-dev/platformdirs#490
• ✨ feat: add user_publicshare_dir, user_templates_dir, user_fonts_dir, user_preference_dir by @​gaborbernat in tox-dev/platformdirs#491

New Contributors

• @​lphuc2250gma made their first contribution in tox-dev/platformdirs#488

Full Changelog: tox-dev/platformdirs@4.9.6...4.10.0

4.9.6

What's Changed

• 🐛 fix(release): use double quotes for tag variable expansion by @​gaborbernat in tox-dev/platformdirs#477

Full Changelog: tox-dev/platformdirs@4.9.5...4.9.6

4.9.4

What's Changed

• Add permissions to workflows by @​gaborbernat in tox-dev/platformdirs#455
• Move SECURITY.md to .github/SECURITY.md by @​gaborbernat in tox-dev/platformdirs#456
• Standardize .github files to .yaml suffix by @​gaborbernat in tox-dev/platformdirs#458
• 📝 docs: add project logo to documentation by @​gaborbernat in tox-dev/platformdirs#459

Full Changelog: tox-dev/platformdirs@4.9.3...4.9.4

4.9.3

What's Changed

• Fix test failures on BSD for runtime directory defaults by @​Fridayai700 in tox-dev/platformdirs#451
• Respect XDG_CONFIG_HOME in _get_user_dirs_folder by @​bysiber in tox-dev/platformdirs#453
• Add missing _optionally_create_directory in Android user_log_dir and user_runtime_dir by @​bysiber in tox-dev/platformdirs#452

New Contributors

• @​Fridayai700 made their first contribution in tox-dev/platformdirs#451
• @​bysiber made their first contribution in tox-dev/platformdirs#453

Full Changelog: tox-dev/platformdirs@4.9.2...4.9.3

4.9.2

... (truncated)

Changelog

Sourced from platformdirs's changelog.

########### Changelog ###########

---

4.10.0 (2026-05-28)

---

• ✨ feat: add user_publicshare_dir, user_templates_dir, user_fonts_dir, user_preference_dir :pr:491
• ✨ feat: add user_projects_dir for $XDG_PROJECTS_DIR :pr:490
• chore: improve platformdirs maintenance path :pr:488 - by :user:lphuc2250gma

---

4.9.6 (2026-04-09)

---

• 🐛 fix(release): use double quotes for tag variable expansion :pr:477

---

4.9.5 (2026-04-06)

---

• 📝 docs(appauthor): clarify None vs False on Windows :pr:476
• Separates implementations of macOS dirs that share a default :pr:473 - by :user:Goddesen
• Remove persist-credentials: false from release job :pr:472
• fix: do not duplicate site dirs in Unix.iter_{config,site}_dirs() when use_site_for_root is active :pr:469 - by :user:viccie30
• 🔧 fix(type): resolve ty 0.0.25 type errors :pr:468
• 🔒 ci(workflows): add zizmor security auditing :pr:467
• 🐛 fix(release): generate docstrfmt-compatible changelog entries :pr:463

---

4.9.4 (2026-03-05)

---

• [pre-commit.ci] pre-commit autoupdate :pr:461 - by :user:pre-commit-ci[bot]
• Update README.md
• 📝 docs: add project logo to documentation :pr:459
• Standardize .github files to .yaml suffix
• build(deps): bump the all group with 2 updates :pr:457 - by :user:dependabot[bot]
• Move SECURITY.md to .github/SECURITY.md
• Add permissions to workflows :pr:455
• Add security policy
• [pre-commit.ci] pre-commit autoupdate :pr:454 - by :user:pre-commit-ci[bot]

---

4.9.2 (2026-02-16)

---

• 📝 docs: restructure following Diataxis framework :pr:448

... (truncated)

Commits

• 04cb136 Release 4.10.0
• 078bc61 ✨ feat: add user_publicshare_dir, user_templates_dir, user_fonts_dir, user_pr...
• d279747 ✨ feat: add user_projects_dir for $XDG_PROJECTS_DIR (#490)
• 4116391 [pre-commit.ci] pre-commit autoupdate (#489)
• dbc63f5 chore: improve platformdirs maintenance path (#488)
• 9265108 [pre-commit.ci] pre-commit autoupdate (#487)
• 9f857ec [pre-commit.ci] pre-commit autoupdate (#486)
• a76e777 [pre-commit.ci] pre-commit autoupdate (#484)
• 903fd9f [pre-commit.ci] pre-commit autoupdate (#483)
• a5da35d build(deps): bump astral-sh/setup-uv from 8.0.0 to 8.1.0 in the all group (#482)
• Additional commits viewable in compare view

Updates regex from 2026.1.15 to 2026.5.9

Changelog

Sourced from regex's changelog.

Version: 2026.5.9

Reverse matching with full unicode casefolding could lead to out-of-range string indexes.

Version: 2026.4.4

A fix for older Python versions before free-threading was  supported.

Version: 2026.4.3

More fixes for free-threading.

Version: 2026.3.32

Fixed segfault.

Version: 2026.3.31

Fixed bug again.

Version: 2026.3.30

Fixed bug.

Version: 2026.3.28

Fixed version.

Version: 2026.3.27

Various fixes, including ones to improve free-threading support.

Version: 2026.2.28

Replaced atomic operations with mutex on pattern object for free-threaded Python.

Version: 2026.2.26

PR [#598](https://github.com/mrabarnett/mrab-regex/issues/598): Fix race condition in storage caching with atomic operations.
Replaced use of PyUnicode_GET_LENGTH with PyUnicode_GetLength.

Version: 2026.2.19

Added \z as alias of \Z, like in re module.
Added prefixmatch as alias of match, like in re module.

Version: 2026.1.15

... (truncated)

Commits

• e57d185 Reverse matching with full unicode casefolding lead to out-of-range string in...
• bc57b04 A fix for older Python versions before free-threading was supported.
• 773e213 More fixes for free-threading.
• 5d51c75 Fixed segfault.
• 2aff2db Fixed bug again.
• 16af8ae Fixed bug.
• 2356563 Fixed bug.
• f579e8f Fixed version.
• 55315a0 Fixed version.
• 923d78e Various fixes, including ones to improve free-threading support.
• Additional commits viewable in compare view

Updates requests from 2.32.5 to 2.34.2

Release notes

Sourced from requests's releases.

v2.34.2

2.34.2 (2026-05-14)

• Moved headers input type back to Mapping to avoid invariance issues with MutableMapping and inferred dict types. Users calling Request.headers.update() may need to narrow typing in their code. (#7441)

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14

v2.34.1

2.34.1 (2026-05-13)

Bugfixes

• Widened json input type from dict and list to Mapping and Sequence. (#7436)
• Changed headers input type to MutableMapping and removed None from Request.headers typing to improve handling for users. (#7431)
• Response.reason moved from str | None to str to improve handling for users. (#7437)
• Fixed a bug where some bodies with custom __getattr__ implementations weren't being properly detected as Iterables. (#7433)

New Contributors

• @​k223kim made their first contribution in psf/requests#7433

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13

v2.34.0

2.34.0 (2026-05-11)

Announcements

• Requests 2.34.0 introduces inline types, replacing those provided by typeshed. Public API types should be fully compatible with mypy, pyright, and ty. We believe types are comprehensive but if you find issues, please report them to the pinned tracking issue.

  Special thanks to @​bastimeyer, @​cthoyt, @​edgarrmondragon, and @​srittau for helping review and test the types ahead of the release. (#7272)

Improvements

• Digest Auth hashing algorithms have added usedforsecurity=False to clarify security considerations. (#7310)
• Requests added support for Python 3.15 based on beta1. Downstream projects should be able to start testing prior to its release in October. (#7422)
• Requests added suppo...

  Description has been truncated

[dependabot]

Labels

The following labels could not be found: dependencies, python. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot recreate.

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot recreate.

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot recreate.

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot recreate.

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot recreate.

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot recreate.

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot recreate.

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot recreate.

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot recreate.

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot recreate.

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot recreate.

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot recreate.

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot recreate.

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot recreate.

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot recreate.

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot recreate.