deps(deps): bump the python-deps group in /feinschliff with 6 updates#27

Open: dependabot[bot] wants to merge 1 commit into main from dependabot/uv/feinschliff/python-deps-e5f5b298fe

dependabot Bot commented on behalf of github on May 25, 2026

Updates the requirements on python-pptx, lxml, jsonschema, pyyaml, cairosvg and ruff to permit the latest version.
Updates python-pptx to 1.0.2

Changelog

Sourced from python-pptx's changelog.

1.0.2 (2024-08-07)

  • fix: #1003 restore read-only enum members

1.0.1 (2024-08-05)

  • fix: #1000 add py.typed

1.0.0 (2024-08-03)

  • fix: #929 raises on JPEG with image/jpg MIME-type
  • fix: #943 remove mention of a Px Length subtype
  • fix: #972 next-slide-id fails in rare cases
  • fix: #990 do not require strict timestamps for Zip
  • Add type annotations

0.6.23 (2023-11-02)

  • fix: #912 Pillow<=9.5 constraint entails security vulnerability

0.6.22 (2023-08-28)

  • Add #909 Add imgW, imgH params to shapes.add_ole_object()
  • fix: #754 _Relationships.items() raises
  • fix: #758 quote in autoshape name must be escaped
  • fix: #746 update Python 3.x support in docs
  • fix: #748 setup's license should be short string
  • fix: #762 AttributeError: module 'collections' has no attribute 'abc' (Windows Python 3.10+)

0.6.21 (2021-09-20)

  • Fix #741 _DirPkgReader must implement .contains()

0.6.20 (2021-09-14)

  • Fix #206 accommodate NULL target-references in relationships.
  • Fix #223 escape image filename that appears as literal in XML.

... (truncated)

Commits
  • 278b47b fix(enum): replace read-only enum values
  • 0f980cd fix(type): add py.typed
  • 31955c0 docs: update docs build
  • 04a3e9d release: prepare v1.0.0 release
  • 40301cc build: modernize build process
  • af6a8f7 fix: #929 raises on JPEG with image/jpg MIME-type
  • 284fc01 fix: #990 Turn off ZipFile strict_timestamps
  • 799b214 fix: #972 next-slide-id fails when max used
  • d5c95be fix: #943 Docstring implies Px subtype of Length
  • c38d5f5 type: general modernization
  • Additional commits viewable in compare view

Updates lxml to 6.1.1

Changelog

Sourced from lxml's changelog.

6.1.1 (2026-05-18)

Bugs fixed

6.1.0 (2026-04-17)

This release fixes a possible external entity injection (XXE) vulnerability in iterparse() and the ETCompatXMLParser.

Features added

  • GH#486: The HTML ARIA accessibility attributes were added to the set of safe attributes in lxml.html.defs. This allows lxml_html_clean to pass them through. Patch by oomsveta.

  • The default chunk size for reading from file-likes in iterparse() is now configurable with a new chunk_size argument.

Bugs fixed

  • LP#2146291: The resolve_entities option was still set to True for iterparse and ETCompatXMLParser, allowing for external entity injection (XXE) when using these parsers without setting this option explicitly. The default was now changed to 'internal' only (as for the normal XML and HTML parsers since lxml 5.0). Issue found by Sihao Qiu as CVE-2026-41066.

6.0.4 (2026-04-12)

Bugs fixed

  • LP#2148019: Spurious MemoryError during namespace cleanup.

... (truncated)

Commits
  • b4a4c59 Build: Fix build in Py3.8.
  • a116dcb Fix typo: type annotions -> type annotations in PEP 560 comments (GH-504)
  • 7287a75 Prepare release of 6.1.1.
  • 5927a6d Add missing "xlink:href" to the known HTML link attributes.
  • 23efeb4 Build: Fix build in Py3.8.
  • 2c0563b Build: Add bug patch for libxslt 1.1.43 and apply it during the static librar...
  • 8a35fcc Fix doctest in PyPy3.9.
  • 43722f4 Update changelog.
  • 8747040 Name version of option change in docstring.
  • 6c36e6c Fix pypistats URL in download statistics script.
  • Additional commits viewable in compare view

Updates jsonschema to 4.26.0

Release notes

Sourced from jsonschema's releases.

v4.26.0

What's Changed

New Contributors

Full Changelog: python-jsonschema/jsonschema@v4.25.1...v4.26.0

Changelog

Sourced from jsonschema's changelog.

v4.26.0

  • Decrease import time by delaying importing of urllib.request (#1416).

v4.25.1

  • Fix an incorrect required argument in the Validator protocol's type annotations (#1396).

v4.25.0

  • Add support for the iri and iri-reference formats to the format-nongpl extra via the MIT-licensed rfc3987-syntax. They were already supported by the format extra. (#1388).

v4.24.1

  • Properly escape segments in ValidationError.json_path (#139).

v4.24.0

  • Fix improper handling of unevaluatedProperties in the presence of additionalProperties (#1351).
  • Support for Python 3.8 has been dropped, as it is end-of-life.

v4.23.0

  • Do not reorder dictionaries (schemas, instances) that are printed as part of validation errors.
  • Declare support for Py3.13

v4.22.0

  • Improve best_match (and thereby error messages from jsonschema.validate) in cases where there are multiple sibling errors from applying anyOf / allOf -- i.e. when multiple elements of a JSON array have errors, we now do prefer showing errors from earlier elements rather than simply showing an error for the full array (#1250).
  • (Micro-)optimize equality checks when comparing for JSON Schema equality by first checking for object identity, as == would.

v4.21.1

  • Slightly speed up the contains keyword by removing some unnecessary validator (re-)creation.

v4.21.0

  • Fix the behavior of enum in the presence of 0 or 1 to properly consider True and False unequal (#1208).
  • Special case the error message for {min,max}{Items,Length,Properties} when they're checking for emptiness rather than true length.

... (truncated)

Commits
  • a727743 Add a changelog entry for 4.26.
  • 6d28c13 Update the lockfile.
  • 739499e Update pre-commit hooks.
  • cb2d779 Merge pull request #1443 from python-jsonschema/pre-commit-ci-update-config
  • e6bbbb7 [pre-commit.ci] pre-commit autoupdate
  • d56037a Merge pull request #1442 from python-jsonschema/dependabot/github_actions/ast...
  • e54ce13 Bump astral-sh/setup-uv from 7.1.4 to 7.1.6
  • 1f7c9fb Partially update docs requirements.
  • 241aec9 Merge pull request #1441 from python-jsonschema/pre-commit-ci-update-config
  • 2818efb Apache-2.0 -> nongpl
  • Additional commits viewable in compare view

Updates pyyaml to 6.0.3

Release notes

Sourced from pyyaml's releases.

6.0.3

What's Changed

  • Support for Python 3.14 and free-threading (experimental).

Full Changelog: yaml/pyyaml@6.0.2...6.0.3

Changelog

Sourced from pyyaml's changelog.

6.0.3 (2025-09-25)

  • yaml/pyyaml#864 -- Support for Python 3.14 and free-threading (experimental)

6.0.2 (2024-08-06)

6.0.1 (2023-07-18)

6.0 (2021-10-13)

5.4.1 (2021-01-20)

  • yaml/pyyaml#480 -- Fix stub compat with older pyyaml versions that may unwittingly load it

5.4 (2021-01-19)

5.3.1 (2020-03-18)

  • yaml/pyyaml#386 -- Prevents arbitrary code execution during python/object/new constructor

5.3 (2020-01-06)

... (truncated)

Commits

Updates cairosvg to 2.9.0

Release notes

Sourced from cairosvg's releases.

2.9.0

WARNING: this is a security update.

Using a lot of recursively nested use tags could lead to long rendering times with relatively small inputs. CairoSVG now stops rendering when more than 100k use tags are rendered.

Using the --unsafe option allows to render larger documents.

  • Drop support of Python 3.9, add support of Python 3.14

Changelog

Sourced from cairosvg's changelog.

Version 2.9.0 released on 2026-03-13

WARNING: this is a security update.

Using a lot of recursively nested use tags could lead to long rendering times with relatively small inputs. CairoSVG now stops rendering when more than 100k use tags are rendered.

Using the --unsafe option allows to render larger documents.

  • Drop support of Python 3.9, add support of Python 3.14

Version 2.8.2 released on 2025-05-15

  • Allow both Unicode strings and bytes as input

Version 2.8.1 released on 2025-05-14

  • Allow both text- and bytes-based file objects as input

Version 2.8.0 released on 2025-05-12

  • Drop support of Python 3.7 and 3.8, add support of Python 3.12 and 3.13
  • Optimize math operations
  • Use pathlib
  • Close paths for ellipses and circles
  • Fix output ratio for SVG surfaces
  • Avoid endless loops when updating def attributes
  • Round PNG size
  • Don’t crash when more than 2 values are given to translate and scale functions

Version 2.7.1 released on 2023-08-05

  • Don’t draw clipPath when defined after reference
  • Handle evenodd fill rule with gradients and patterns
  • Fix ratio and clip for "image" tags with no size
  • Handle data-URLs in safe mode
  • Use f-strings

Version 2.7.0 released on 2023-03-20

... (truncated)

Commits
  • fe5cae5 Version 2.9.0
  • 6dde868 Abort when more than 100k referenced elements are rendered
  • a6b3a98 Cut long line again
  • ce8b51d Cut long line
  • b7818c9 Clarify unsafe option scope without removing security warning
  • 9e8c6ed Version 2.8.2
  • 1c28b57 De-duplicate input string encoding
  • b4670ec Merge pull request #443 from marcelometal/ensure-bytestring-type-before-gzip
  • 245b3f2 Ensure bytestring is bytes before checking for gzip header
  • e5128ec Version 2.8.1
  • Additional commits viewable in compare view

Updates ruff to 0.15.14

Release notes

Sourced from ruff's releases.

0.15.14

Release Notes

Released on 2026-05-21.

Preview features

  • [airflow] Implement airflow-task-implicit-multiple-outputs (AIR202) (#25152)
  • [flake8-use-pathlib] Mark PTH101 fix as unsafe when first argument is a class attribute annotated as int (#25086)
  • [pylint] Implement too-many-try-statements (W0717) (#23970)
  • [ruff] Add incorrect-decorator-order (RUF074) (#23461)
  • [ruff] Add fallible-context-manager (RUF075) (#22844)

Bug fixes

  • Fix lambda formatting in interpolated string expressions (#25144)
  • Treat generic frozenset annotations as immutable (#25251)
  • [flake8-type-checking] Avoid strict behavior when future-annotations are enabled (TC001, TC002, TC003) (#25035)
  • [pylint] Avoid false positives in else clause (PLR1733) (#25177)

Rule changes

  • [flake8-comprehensions] Skip C417 for lambdas with positional-only parameters (#25272)
  • [flake8-simplify] Preserve f-string source verbatim in SIM101 fix (#25061)

Performance

  • Avoid unnecessary parser lookahead for operators (#25290)

Documentation

  • Update code example setting Neovim LSP log level (#25284)

Other changes

  • Add full PEP 798 support (#25104)
  • Add a parser recursion limit (#24810)
  • Update various ruff_python_stdlib APIs (#25273)

Contributors

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.14

Released on 2026-05-21.

Preview features

  • [airflow] Implement airflow-task-implicit-multiple-outputs (AIR202) (#25152)
  • [flake8-use-pathlib] Mark PTH101 fix as unsafe when first argument is a class attribute annotated as int (#25086)
  • [pylint] Implement too-many-try-statements (W0717) (#23970)
  • [ruff] Add incorrect-decorator-order (RUF074) (#23461)
  • [ruff] Add fallible-context-manager (RUF075) (#22844)

Bug fixes

  • Fix lambda formatting in interpolated string expressions (#25144)
  • Treat generic frozenset annotations as immutable (#25251)
  • [flake8-type-checking] Avoid strict behavior when future-annotations are enabled (TC001, TC002, TC003) (#25035)
  • [pylint] Avoid false positives in else clause (PLR1733) (#25177)

Rule changes

  • [flake8-comprehensions] Skip C417 for lambdas with positional-only parameters (#25272)
  • [flake8-simplify] Preserve f-string source verbatim in SIM101 fix (#25061)

Performance

  • Avoid unnecessary parser lookahead for operators (#25290)

Documentation

  • Update code example setting Neovim LSP log level (#25284)

Other changes

  • Add full PEP 798 support (#25104)
  • Add a parser recursion limit (#24810)
  • Update various ruff_python_stdlib APIs (#25273)

Contributors

... (truncated)

Commits
  • 9ad2da3 Bump 0.15.14 (#25295)
  • c714e84 [ty] Modernize setup of union types in mdtests (#25291)
  • 8a8e35e [flake8-comprehensions] Skip C417 for lambdas with positional-only parame...
  • aea5ed4 Avoid unnecessary parser lookahead for operators (#25290)
  • e9d72bb [ty] Allow enum member accesses on self (#25077)
  • 6cbd59b Set exclude-newer = "7 days" in our PEP-723 scripts (#25285)
  • 9999a39 Update code example on how to update Neovim LSP log level (#25284)
  • 67d8c54 [ty] Retain recursively-defined state in binary expressions (#25277)
  • 25a3191 [ty] Refine Callable class-decorator fallback for unknown results (#25250)
  • c423054 Add a recursion limit to the parser (#24810)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Updates the requirements on [python-pptx](https://github.com/scanny/python-pptx), [lxml](https://github.com/lxml/lxml), [jsonschema](https://github.com/python-jsonschema/jsonschema), [pyyaml](https://github.com/yaml/pyyaml), [cairosvg](https://github.com/Kozea/CairoSVG) and [ruff](https://github.com/astral-sh/ruff) to permit the latest version.

Updates `python-pptx` to 1.0.2
- [Changelog](https://github.com/scanny/python-pptx/blob/master/HISTORY.rst)
- [Commits](scanny/python-pptx@v0.6.23...v1.0.2)

Updates `lxml` to 6.1.1
- [Release notes](https://github.com/lxml/lxml/releases)
- [Changelog](https://github.com/lxml/lxml/blob/master/CHANGES.txt)
- [Commits](lxml/lxml@lxml-4.9.0...lxml-6.1.1)

Updates `jsonschema` to 4.26.0
- [Release notes](https://github.com/python-jsonschema/jsonschema/releases)
- [Changelog](https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst)
- [Commits](python-jsonschema/jsonschema@v4.21.0...v4.26.0)

Updates `pyyaml` to 6.0.3
- [Release notes](https://github.com/yaml/pyyaml/releases)
- [Changelog](https://github.com/yaml/pyyaml/blob/6.0.3/CHANGES)
- [Commits](yaml/pyyaml@6.0...6.0.3)

Updates `cairosvg` to 2.9.0
- [Release notes](https://github.com/Kozea/CairoSVG/releases)
- [Changelog](https://github.com/Kozea/CairoSVG/blob/main/NEWS.rst)
- [Commits](Kozea/CairoSVG@2.7.0...2.9.0)

Updates `ruff` to 0.15.14
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.13...0.15.14)

---
updated-dependencies:
- dependency-name: python-pptx
  dependency-version: 1.0.2
  dependency-type: direct:production
  dependency-group: python-deps
- dependency-name: lxml
  dependency-version: 6.1.1
  dependency-type: direct:production
  dependency-group: python-deps
- dependency-name: jsonschema
  dependency-version: 4.26.0
  dependency-type: direct:production
  dependency-group: python-deps
- dependency-name: pyyaml
  dependency-version: 6.0.3
  dependency-type: direct:production
  dependency-group: python-deps
- dependency-name: cairosvg
  dependency-version: 2.9.0
  dependency-type: direct:production
  dependency-group: python-deps
- dependency-name: ruff
  dependency-version: 0.15.14
  dependency-type: direct:development
  dependency-group: python-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot Bot added the dependencies (Pull requests that update a dependency file) and python:uv (Pull requests that update python:uv code) labels on May 25, 2026
dependabot Bot requested a review from marsmike as a code owner on May 25, 2026 05:27