Skip to content

Bump the python-requirements group across 1 directory with 11 updates#555

Merged
fabiocaccamo merged 1 commit intomainfrom
dependabot/pip/python-requirements-0c01214245
Apr 5, 2026
Merged

Bump the python-requirements group across 1 directory with 11 updates#555
fabiocaccamo merged 1 commit intomainfrom
dependabot/pip/python-requirements-0c01214245

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 1, 2026

Updates the requirements on requests, mailchecker, phonenumbers, boto3, xmltodict, mypy, tox, boto3-stubs, types-openpyxl, types-python-dateutil and types-xmltodict to permit the latest version.
Updates requests from 2.32.5 to 2.33.1

Release notes

Sourced from requests's releases.

v2.33.1

2.33.1 (2026-03-30)

Bugfixes

  • Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. (#7305)
  • Fixed Content-Type header parsing for malformed values. (#7309)
  • Improved error consistency for malformed header values. (#7308)

New Contributors

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2331-2026-03-30

v2.33.0

2.33.0 (2026-03-25)

Announcements

  • 📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

  • CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

  • Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

  • Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

  • Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

  • Various typo fixes and doc improvements.

New Contributors

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25

Changelog

Sourced from requests's changelog.

2.33.1 (2026-03-30)

Bugfixes

  • Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. (#7305)
  • Fixed Content-Type header parsing for malformed values. (#7309)
  • Improved error consistency for malformed header values. (#7308)

2.33.0 (2026-03-25)

Announcements

  • 📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

  • CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

  • Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

  • Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

  • Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

  • Various typo fixes and doc improvements.
Commits

Updates mailchecker from 6.0.19 to 6.0.20

Changelog

Sourced from mailchecker's changelog.

v6.0.20 (2026/03/06 16:31 +00:00)

Commits

Updates phonenumbers from 9.0.21 to 9.0.27

Commits
  • 3b082bf Prep for 9.0.27 release
  • c496532 Generated files for metadata
  • ee29e85 Merge metadata changes from upstream 9.0.27
  • 07e2c75 Prep for 9.0.26 release
  • 55522da Generated files for metadata
  • 8ca762b Merge metadata changes from upstream 9.0.26
  • c4d8bac Prep for 9.0.25 release
  • 17db646 Generated files for metadata
  • d08f6b4 Merge metadata changes from upstream 9.0.25
  • 69451b2 Prep for 9.0.24 release
  • Additional commits viewable in compare view

Updates boto3 from 1.42.19 to 1.42.80

Commits
  • d66479d Merge branch 'release-1.42.80'
  • e930bfc Bumping version to 1.42.80
  • 2596b71 Add changelog entries from botocore
  • 617e6fb Bump github/codeql-action from 4.34.1 to 4.35.1 (#4746)
  • 9c5880d Bump pygments from 2.18.0 to 2.20.0 (#4747)
  • 79b815b Merge branch 'release-1.42.79'
  • 937a2b2 Merge branch 'release-1.42.79' into develop
  • b11c6f7 Bumping version to 1.42.79
  • 98fabce Add changelog entries from botocore
  • b5acf8b Merge branch 'release-1.42.78'
  • Additional commits viewable in compare view

Updates xmltodict from 1.0.2 to 1.0.4

Release notes

Sourced from xmltodict's releases.

v1.0.4

1.0.4 (2026-02-22)

Bug Fixes

  • unparse: add bytes_errors policy and handle bytes scalars consistently (ed70434)

v1.0.3

1.0.3 (2026-02-15)

Bug Fixes

  • unparse: serialize None text/attrs as empty values (fixes #401) (aa16511)

Documentation

  • readme: fix Fedora and Arch package links (fd6a73b)
Changelog

Sourced from xmltodict's changelog.

1.0.4 (2026-02-22)

Bug Fixes

  • unparse: add bytes_errors policy and handle bytes scalars consistently (ed70434)

1.0.3 (2026-02-15)

Bug Fixes

  • unparse: serialize None text/attrs as empty values (fixes #401) (aa16511)

Documentation

  • readme: fix Fedora and Arch package links (fd6a73b)
Commits
  • 8d7f1fd chore(master): release 1.0.4
  • ed70434 fix(unparse): add bytes_errors policy and handle bytes scalars consistently
  • 89c4bf7 chore(master): release 1.0.3
  • fd6a73b docs(readme): fix Fedora and Arch package links
  • aa16511 fix(unparse): serialize None text/attrs as empty values (fixes #401)
  • f7d76c9 style: lines required between function definitions
  • 1bfb267 build: remove unnecessary wheel from dependencies
  • d9f6d40 build: no need for README.md in MANIFEST.in
  • 34378ef build: pep 639 compliance
  • See full diff in compare view

Updates mypy to 1.20.0

Changelog

Sourced from mypy's changelog.

Mypy Release Notes

Next Release

Mypy 1.20

We’ve just uploaded mypy 1.20.0 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features, performance improvements and bug fixes. You can install it as follows:

python3 -m pip install -U mypy

You can read the full documentation for this release on Read the Docs.

Planned Changes to Defaults and Flags in Mypy 2.0

As a reminder, we are planning to enable --local-partial-types by default in mypy 2.0, which will likely be the next feature release. This will often require at least minor code changes. This option is implicitly enabled by mypy daemon, so this makes the behavior of daemon and non-daemon modes consistent.

Note that this release improves the compatibility of --local-partial-types significantly to make the switch easier (see below for more).

This can also be configured in a mypy configuration file (use False to disable):

local_partial_types = True

For more information, refer to the documentation.

We will also enable --strict-bytes by default in mypy 2.0. This usually requires at most minor code changes to adopt. For more information, refer to the documentation.

Finally, --allow-redefinition-new will be renamed to --allow-redefinition. If you want to continue using the older --allow-redefinition semantics which are less flexible (e.g. limited support for conditional redefinitions), you can switch to --allow-redefinition-old, which is currently supported as an alias to the legacy --allow-redefinition behavior. To use --allow-redefinition in the upcoming mypy 2.0, you can't use --no-local-partial-types. For more information, refer to the documentation.

Better Type Narrowing

Mypy's implementation of narrowing has been substantially reworked. Mypy will now narrow more aggressively, more consistently, and more correctly. In particular, you are likely to notice new narrowing behavior in equality expressions (==), containment expressions (in),

... (truncated)

Commits
  • 770d3ca Remove +dev from version
  • 4738ffa Changelog updates for 1.20 (#21109)
  • b4f07a7 Use 'native-parser' instead of 'native-parse' for optional dependency (#21115)
  • 7bec7b7 [mypyc] Document librt and librt.base64 (#21114)
  • c482596 --allow-redefinition-new is no longer experimental (#21110)
  • c916ca3 sdist: include misc/{diff-cache,apply-cache-diff}.py for `mypy/test/test_di...
  • b137e4e [mypyc] Speed up native-to-native imports within the same group (#21101)
  • 978b711 [mypyc] Fix range loop variable off-by-one after loop exit (#21098)
  • 67ada30 [stubtest] Check runtime availability of private types not marked `@type_chec...
  • bdef6ef librt cache tests: build respecting MYPY_TEST_PREFIX (#21097)
  • Additional commits viewable in compare view

Updates tox to 4.52.0

Release notes

Sourced from tox's releases.

v4.52.0

What's Changed

Full Changelog: tox-dev/tox@4.51.0...4.52.0

Changelog

Sourced from tox's changelog.

Features - 4.52.0

  • Add virtualenv-pep-723 runner that reads dependencies and Python version from :PEP:723 inline script metadata — no need to duplicate them in tox config - by :user:gaborbernat. (:issue:3897)
  • Support escaped dots (\.) in -x/--override keys, allowing overrides to target environments with dots in their names such as py3.14 - by :user:gaborbernat. (:issue:3910)

Bug fixes - 4.52.0

  • Auto-generate the manpage from the CLI argparse parser at wheel build time, fixing broken section headers and documenting all commands and options - by :user:gaborbernat. (:issue:3878)

Miscellaneous internal changes - 4.52.0

  • Remove unsupported --remote flag from gh repo fork in the update-schemastore workflow, as recent versions of gh no longer accept it - by :user:rahuldevikar. (:issue:3908)

v4.51.0 (2026-03-27)

Features - 4.51.0

  • Add base_python_file configuration option to read the base Python version from a file (e.g. .python-version), similar to GitHub Actions' python-version-file - by :user:rahuldevikar (:issue:3894)

Bug fixes - 4.51.0

  • Prevent implicit machine ISA (e.g. arm64, x86_64) from overriding explicit architecture factors in environment names, fixing cross-architecture conflicts in multiline factor conditionals - by :user:rahuldevikar. (:issue:3903)
  • Nested environment list configuration values are now properly parsed, validated and expanded by the TOML parser. This allows you to use generative environment lists in tox-gh via the TOML format. Previously this was only possible with the INI format. - by :user:Daverball (:issue:3905)

Miscellaneous internal changes - 4.51.0

  • Enable persist-credentials: true in the actions/checkout step of the prepare-release workflow so that git push operations succeed during automated releases - by :user:rahuldevikar. (:issue:3907)

v4.50.3 (2026-03-20)

Bug fixes - 4.50.3

... (truncated)

Commits
  • d83d577 release 4.52.0
  • da0f890 ✨ feat(runner): add PEP 723 inline script metadata support (#3912)
  • b232d2d 🐛 fix(docs): auto-generate manpage from CLI parser (#3911)
  • 84958f7 [pre-commit.ci] pre-commit autoupdate (#3909)
  • 15d9ac0 ✨ feat(config): support escaped dots in -x override keys (#3910)
  • 0eda3a2 remove unsupported --remote flag from gh repo fork (#3908)
  • 5f1ec1a release 4.51.0
  • b5f9b13 fix: enable persist-credentials for release workflow (#3907)
  • 8c9c199 🐛 fix(config): fix handling of env_list in nested contexts (#3905)
  • 451aa9c prevent machine ISA from overriding explicit env factors (#3904)
  • Additional commits viewable in compare view

Updates boto3-stubs from 1.42.19 to 1.42.80

Release notes

Sourced from boto3-stubs's releases.

8.8.0 - Python 3.8 runtime is back

Changed

  • [services] install_requires section is calculated based on dependencies in use, so typing-extensions version is set properly
  • [all] Replaced typing imports with collections.abc with a fallback to typing for Python <3.9
  • [all] Added aliases for builtins.list, builtins.set, builtins.dict, and builtins.type, so Python 3.8 runtime should work as expected again (reported by @​YHallouard in #340 and @​Omri-Ben-Yair in #336)
  • [all] Unions use the same type annotations as the rest of the structures due to proper fallbacks

Fixed

  • [services] Universal input/output shapes were not replaced properly in service subresources
  • [docs] Simplified doc links rendering for services
  • [services] Cleaned up unnecessary imports in client.pyi
  • [builder] Import records with fallback are always rendered
Commits

Updates types-openpyxl from 3.1.5.20250919 to 3.1.5.20260322

Commits

Updates types-python-dateutil from 2.9.0.20251115 to 2.9.0.20260323

Commits

Updates types-xmltodict from 1.0.1.20250920 to 1.0.1.20260113

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the python-requirements group across 1 directory with 11 updates
c258534 
Updates the requirements on [requests](https://github.com/psf/requests), [mailchecker](https://github.com/FGRibreau/mailchecker), [phonenumbers](https://github.com/daviddrysdale/python-phonenumbers), [boto3](https://github.com/boto/boto3), [xmltodict](https://github.com/martinblech/xmltodict), [mypy](https://github.com/python/mypy), [tox](https://github.com/tox-dev/tox), [boto3-stubs](https://github.com/youtype/mypy_boto3_builder), [types-openpyxl](https://github.com/python/typeshed), [types-python-dateutil](https://github.com/python/typeshed) and [types-xmltodict](https://github.com/python/typeshed) to permit the latest version.

Updates `requests` from 2.32.5 to 2.33.1
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.32.5...v2.33.1)

Updates `mailchecker` from 6.0.19 to 6.0.20
- [Changelog](https://github.com/FGRibreau/mailchecker/blob/master/CHANGELOG.md)
- [Commits](FGRibreau/mailchecker@v6.0.19...v6.0.20)

Updates `phonenumbers` from 9.0.21 to 9.0.27
- [Commits](daviddrysdale/python-phonenumbers@v9.0.21...v9.0.27)

Updates `boto3` from 1.42.19 to 1.42.80
- [Release notes](https://github.com/boto/boto3/releases)
- [Commits](boto/boto3@1.42.19...1.42.80)

Updates `xmltodict` from 1.0.2 to 1.0.4
- [Release notes](https://github.com/martinblech/xmltodict/releases)
- [Changelog](https://github.com/martinblech/xmltodict/blob/master/CHANGELOG.md)
- [Commits](martinblech/xmltodict@v1.0.2...v1.0.4)

Updates `mypy` to 1.20.0
- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md)
- [Commits](python/mypy@v1.19.0...v1.20.0)

Updates `tox` to 4.52.0
- [Release notes](https://github.com/tox-dev/tox/releases)
- [Changelog](https://github.com/tox-dev/tox/blob/main/docs/changelog.rst)
- [Commits](tox-dev/tox@4.32.0...4.52.0)

Updates `boto3-stubs` from 1.42.19 to 1.42.80
- [Release notes](https://github.com/youtype/mypy_boto3_builder/releases)
- [Commits](https://github.com/youtype/mypy_boto3_builder/commits)

Updates `types-openpyxl` from 3.1.5.20250919 to 3.1.5.20260322
- [Commits](https://github.com/python/typeshed/commits)

Updates `types-python-dateutil` from 2.9.0.20251115 to 2.9.0.20260323
- [Commits](https://github.com/python/typeshed/commits)

Updates `types-xmltodict` from 1.0.1.20250920 to 1.0.1.20260113
- [Commits](https://github.com/python/typeshed/commits)

---
updated-dependencies:
- dependency-name: requests
  dependency-version: 2.33.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-requirements
- dependency-name: mailchecker
  dependency-version: 6.0.20
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-requirements
- dependency-name: phonenumbers
  dependency-version: 9.0.27
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-requirements
- dependency-name: boto3
  dependency-version: 1.42.80
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-requirements
- dependency-name: xmltodict
  dependency-version: 1.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-requirements
- dependency-name: mypy
  dependency-version: 1.20.0
  dependency-type: direct:production
  dependency-group: python-requirements
- dependency-name: tox
  dependency-version: 4.52.0
  dependency-type: direct:production
  dependency-group: python-requirements
- dependency-name: boto3-stubs
  dependency-version: 1.42.80
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-requirements
- dependency-name: types-openpyxl
  dependency-version: 3.1.5.20260322
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-requirements
- dependency-name: types-python-dateutil
  dependency-version: 2.9.0.20260323
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-requirements
- dependency-name: types-xmltodict
  dependency-version: 1.0.1.20260113
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-requirements
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Apr 1, 2026
@fabiocaccamo fabiocaccamo merged commit 43e11db into main Apr 5, 2026
18 checks passed
@dependabot dependabot bot deleted the dependabot/pip/python-requirements-0c01214245 branch April 5, 2026 15:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@fabiocaccamo