Skip to content

build(deps): bump the general-dependencies group across 1 directory with 3 updates#555

Closed
dependabot[bot] wants to merge 2 commits into
mainfrom
dependabot/pip/general-dependencies-ba4a2b6e25
Closed

build(deps): bump the general-dependencies group across 1 directory with 3 updates#555
dependabot[bot] wants to merge 2 commits into
mainfrom
dependabot/pip/general-dependencies-ba4a2b6e25

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor

Updates the requirements on trame-vtk, jupytext and ansys-fluent-core to permit the latest version.
Updates trame-vtk to 2.11.12

Release notes

Sourced from trame-vtk's releases.

v2.11.12 (2026-06-12)

This release is published under the BSD License License.

Bug Fixes

  • export: Bring back manual update of viewer (c658007)

  • standalone_viewer: Update to latest and fix load call (266aa1b)

Continuous Integration

  • Try to fix testing with playwright (71f3076)

Testing

  • ci: Update baseline for github (dda42cf)

Detailed Changes: v2.11.11...v2.11.12

Changelog

Sourced from trame-vtk's changelog.

CHANGELOG

v2.11.8 (2026-04-24)

Bug Fixes

  • vtk9.7: Replace GetSize() call by GetNumberOfValues() (eed8a5a)

fix #111

v2.11.7 (2026-04-13)

Bug Fixes

  • static_viewer: Include in repo to skip auto fetch on vtk.js (9302c6b)

v2.11.6 (2026-03-25)

Bug Fixes

  • array: Skip hash and eq usage on array (12e2d35)

v2.11.5 (2026-03-25)

Bug Fixes

  • static_viewer: Update static viewer from vtk.js (3bb5f16)

v2.11.4 (2026-03-25)

Bug Fixes

  • array: Don't rely on hashable arrays (e740a95)

v2.11.3 (2026-03-15)

Bug Fixes

  • tool: Vtksz2html use new dom container

... (truncated)

Commits

Updates jupytext from 1.19.3 to 1.19.4

Release notes

Sourced from jupytext's releases.

Version 1.19.4

Changed

  • Jupytext's documentation is now at https://jupytext.org! (#1538)
  • We have moved Jupytext to its own Jupytext organization (#1546)
  • Updated the JupyterLab extension production dependencies (12 patch updates) (#1541)
  • We require pandoc<3.10 on the CI as pandoc converts the "3.10" string to a float, which then causes issues in Jupytext (#1545)
  • Fixed the CI so that tests also run on scheduled runs, and so that jupyterfs tests are skipped when their initialization fails (#1539)
  • In the CI, the extension is build using a dedicated build pixi environment.

Fixed

  • We now support unicode characters while dumping YAML (#1542)

Added

  • A new custom_language_magics option is available (#1491). Thanks to steovd for making the PR!

Security

  • Fixed GHSA-m22c-4q2m-m5wr: the update-playwright-snapshots workflow was triggerable by any user via an issue_comment event. It now checks that the comment author is an OWNER, MEMBER, or COLLABORATOR before running (#1535)
  • Set persist-credentials: false on all workflow checkout steps as defense-in-depth, preventing a live GITHUB_TOKEN from being left in .git/config where attacker-controlled build hooks could read it. This is strictly required only for update-playwright-snapshots (fixed above), but applies to all workflows so they remain safe if their scope is later extended.
Changelog

Sourced from jupytext's changelog.

1.19.4 (2026-06-21)

Changed

  • Jupytext's documentation is now at https://jupytext.org! (#1538)
  • We have moved Jupytext to its own Jupytext organization (#1546)
  • Updated the JupyterLab extension production dependencies (12 patch updates) (#1541)
  • We require pandoc<3.10 on the CI as pandoc converts the "3.10" string to a float, which then causes issues in Jupytext (#1545)
  • Fixed the CI so that tests also run on scheduled runs, and so that jupyterfs tests are skipped when their initialization fails (#1539)
  • In the CI, the extension is build using a dedicated build pixi environment.

Fixed

  • We now support unicode characters while dumping YAML (#1542)

Added

  • A new custom_language_magics option is available (#1491). Thanks to steovd for making the PR!

Security

  • Fixed GHSA-m22c-4q2m-m5wr: the update-playwright-snapshots workflow was triggerable by any user via an issue_comment event. It now checks that the comment author is an OWNER, MEMBER, or COLLABORATOR before running (#1535)
  • Set persist-credentials: false on all workflow checkout steps as defense-in-depth, preventing a live GITHUB_TOKEN from being left in .git/config where attacker-controlled build hooks could read it. This is strictly required only for update-playwright-snapshots (fixed above), but applies to all workflows so they remain safe if their scope is later extended.
Commits
  • 95cd281 Fix: quarto example
  • 8ef90bb Move Jupytext to a Jupytext organization
  • 7cfe21d Update the jupytext.org website (#1561)
  • 590ce61 build(deps): bump undici
  • 61e7163 Add custom_language_magics option to support user-defined language magics i...
  • 1d464eb Fix: use comment-tag to update the existing PR comment (#1560)
  • 7a65533 Fix CI: Build the extension with a dedicated pixi environment (#1558)
  • cbf24f8 docs: add changelog entries for #1539, #1540, and #1541
  • 7e433c5 ci: set persist-credentials: false on all workflow checkouts
  • 2d09640 build(deps): bump the jupytext-extension-dependencies group across 2 director...
  • Additional commits viewable in compare view

Updates ansys-fluent-core from 0.39.0 to 0.39.1

Commits

@dependabot dependabot Bot added dependencies Related with project dependencies maintenance Package and maintenance related labels Jul 1, 2026
@dependabot dependabot Bot added the dependencies Related with project dependencies label Jul 1, 2026
@dependabot dependabot Bot requested a review from RobPasMue as a code owner July 1, 2026 01:43
@dependabot dependabot Bot added the maintenance Package and maintenance related label Jul 1, 2026
@dependabot dependabot Bot changed the title build(deps): bump the general-dependencies group with 3 updates build(deps): bump the general-dependencies group across 1 directory with 3 updates Jul 1, 2026
@dependabot dependabot Bot force-pushed the dependabot/pip/general-dependencies-ba4a2b6e25 branch from ad541e2 to fc43bb5 Compare July 1, 2026 06:49
…ith 3 updates

Updates the requirements on [trame-vtk](https://github.com/Kitware/trame-vtk), [jupytext](https://github.com/jupytext/jupytext) and [ansys-fluent-core](https://github.com/ansys/pyfluent) to permit the latest version.

Updates `trame-vtk` to 2.11.12
- [Release notes](https://github.com/Kitware/trame-vtk/releases)
- [Changelog](https://github.com/Kitware/trame-vtk/blob/master/CHANGELOG.md)
- [Commits](Kitware/trame-vtk@v2.8.7...v2.11.12)

Updates `jupytext` from 1.19.3 to 1.19.4
- [Release notes](https://github.com/jupytext/jupytext/releases)
- [Changelog](https://github.com/jupytext/jupytext/blob/main/CHANGELOG.md)
- [Commits](jupytext/jupytext@v1.19.3...v1.19.4)

Updates `ansys-fluent-core` from 0.39.0 to 0.39.1
- [Release notes](https://github.com/ansys/pyfluent/releases)
- [Changelog](https://github.com/ansys/pyfluent/blob/main/CHANGELOG.md)
- [Commits](ansys/pyfluent@v0.39.0...v0.39.1)

---
updated-dependencies:
- dependency-name: ansys-fluent-core
  dependency-version: 0.39.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: general-dependencies
- dependency-name: jupytext
  dependency-version: 1.19.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: general-dependencies
- dependency-name: trame-vtk
  dependency-version: 2.11.12
  dependency-type: direct:production
  dependency-group: general-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/pip/general-dependencies-ba4a2b6e25 branch from 6d8807c to 20dbe11 Compare July 1, 2026 06:54
Comment thread pyproject.toml
"websockets >= 12.0,< 17",
"trame >= 3.6.0,<4",
"trame-vtk >= 2.8.7,!= 2.8.16,< 2.11.10",
"trame-vtk >= 2.8.7,!= 2.8.16,< 2.11.13",

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Watch out @AlejandroFernandezLuces - confirm with PyVista here

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's close this PR. I'll open a new PR to test if installing pyvista[jupyter] works well here. It should handle this dependency:

https://github.com/pyvista/pyvista/blob/d91b8b7b9d7b07874a3d95c73a9790b67f5e0f58/pyproject.toml#L45-L54

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sounds good!

@dependabot @github

dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor Author

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@dependabot dependabot Bot deleted the dependabot/pip/general-dependencies-ba4a2b6e25 branch July 1, 2026 08:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Related with project dependencies maintenance Package and maintenance related

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants