Bump the dependabot group with 4 updates #375
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=60&v=4){kind=small}
Bumps the dependabot group with 4 updates: [setuptools](https://github.com/pypa/setuptools), [certifi](https://github.com/certifi/python-certifi), [pip](https://github.com/pypa/pip) and [importlib-metadata](https://github.com/python/importlib_metadata). Updates `setuptools` from 79.0.0 to 80.0.0 - [Release notes](https://github.com/pypa/setuptools/releases) - [Changelog](https://github.com/pypa/setuptools/blob/main/NEWS.rst) - [Commits](pypa/setuptools@v79.0.0...v80.0.0) Updates `certifi` from 2025.1.31 to 2025.4.26 - [Commits](certifi/python-certifi@2025.01.31...2025.04.26) Updates `pip` from 25.0.1 to 25.1 - [Changelog](https://github.com/pypa/pip/blob/main/NEWS.rst) - [Commits](pypa/pip@25.0.1...25.1) Updates `importlib-metadata` from 8.6.1 to 8.7.0 - [Release notes](https://github.com/python/importlib_metadata/releases) - [Changelog](https://github.com/python/importlib_metadata/blob/main/NEWS.rst) - [Commits](python/importlib_metadata@v8.6.1...v8.7.0) --- updated-dependencies: - dependency-name: setuptools dependency-version: 80.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependabot - dependency-name: certifi dependency-version: 2025.4.26 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependabot - dependency-name: pip dependency-version: '25.1' dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependabot - dependency-name: importlib-metadata dependency-version: 8.7.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependabot ... Signed-off-by: dependabot[bot] <[email protected]>
dependabot
bot
added
dependencies
jmichelp
approved these changes
Apr 28, 2025
Pull Request Test Coverage Report for Build 14701677825Details
💛 - Coveralls |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Bumps the dependabot group with 4 updates: setuptools, certifi, pip and importlib-metadata.
Updates
setuptoolsfrom 79.0.0 to 80.0.0Changelog
Sourced from setuptools's changelog.
Commits
aeea792Bump version: 79.0.1 → 80.0.02c874e7Merge pull request #4962 from pypa/bugfix/4961-validated-eps82c588aUpdate test to honor new behavior in importlib_metadata 8.7ef4cd29Merge pull request #2908 from pypa/debt/remove-easy-install85bbad4Merge branch 'main' into debt/remove-easy-install9653305Merge pull request #4955 from pypa/debt/develop-uses-pipda119e7Set a due date 6 months in advance.a7603daRename news fragment to reference the pull request for better precise locality.018a20cRestore a few of the options to develop.a5f02feRemove another test relying on setup.py develop.Updates
certififrom 2025.1.31 to 2025.4.26Commits
275c9eb2025.04.26 (#347)3788331Bump actions/setup-python from 5.4.0 to 5.5.0 (#346)9d1f1b7Bump actions/download-artifact from 4.1.9 to 4.2.1 (#344)96b97a5Bump actions/upload-artifact from 4.6.1 to 4.6.2 (#343)c054ed3Bump peter-evans/create-pull-request from 7.0.7 to 7.0.8 (#342)44547fcBump actions/download-artifact from 4.1.8 to 4.1.9 (#341)5ea5124Bump actions/upload-artifact from 4.6.0 to 4.6.1 (#340)2f142b7Bump peter-evans/create-pull-request from 7.0.6 to 7.0.7 (#339)80d2ebdBump actions/setup-python from 5.3.0 to 5.4.0 (#337)Updates
pipfrom 25.0.1 to 25.1Changelog
Sourced from pip's changelog.
... (truncated)
Commits
daa7e54Bump for release06c3182Update AUTHORS.txtb88324fAdd a news file for the pip lock command38253a6Merge pull request #13319 from sbidoul2791a8bMerge pull request #13344 from pypa/dependabot/pip/build-project/setuptools-7...24f4600Remove LRU cache from methods [ruff rule cached-instance-method] (#13306)d852ebdMerge pull request #12308d35c08dClarify what the removal of the pkg_ressources backend impliese879422Rename find_linked to find_legacy_editables4a76560Fix uninstallation of zipped eggsUpdates
importlib-metadatafrom 8.6.1 to 8.7.0Changelog
Sourced from importlib-metadata's changelog.
Commits
708dff4Finalizeb3065f0Merge pull request #519 from python/bugfix/493-metadata-missinge4351c2Add a new test capturing the new expectation.5a65705Refactor the casting into a wrapper for brevity and to document its purpose.0830c39Add news fragment.22bb567Fix type errors where metadata could be None.57f31d7Allow metadata to return None when there is no metadata present.b9c4be4Merge pull request #518 from python/bugfix/488-bad-ep-value9f8af01Prefer a cached property, as the property is likely to be retrieved at least ...f179e28Also raise ValueError on construction if the value is invalid.Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions