Skip to content

build(deps): bump the patches group across 1 directory with 8 updates#96

Merged
github-actions[bot] merged 2 commits into
mainfrom
dependabot/pip/patches-bb36cca643
Jul 3, 2026
Merged

build(deps): bump the patches group across 1 directory with 8 updates#96
github-actions[bot] merged 2 commits into
mainfrom
dependabot/pip/patches-bb36cca643

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Contributor

Bumps the patches group with 8 updates in the / directory:

Package From To
boto3 1.43.31 1.43.40
ruff 0.15.17 0.15.20
boto3-stubs 1.43.31 1.43.39
zensical 0.0.45 0.0.46
mkdocstrings-python 2.0.4 2.0.5
botocore 1.43.31 1.43.40
pydantic-settings 2.14.1 2.14.2
wrapt 2.2.1 2.2.2

Updates boto3 from 1.43.31 to 1.43.40

Commits
  • dd59a59 Merge branch 'release-1.43.40'
  • b416ca0 Bumping version to 1.43.40
  • b228d05 Add changelog entries from botocore
  • 121db7a Merge branch 'release-1.43.39'
  • 00141f6 Merge branch 'release-1.43.39' into develop
  • 310317d Bumping version to 1.43.39
  • ff7c1cf Add changelog entries from botocore
  • 805c683 Update CODEOWNERS to shared Python SDK and CLI team (#4809)
  • efcfb65 Merge branch 'release-1.43.38'
  • d7aa957 Merge branch 'release-1.43.38' into develop
  • Additional commits viewable in compare view

Updates ruff from 0.15.17 to 0.15.20

Release notes

Sourced from ruff's releases.

0.15.20

Release Notes

Released on 2026-06-25.

Preview features

  • Allow human-readable names in rule selectors (#25887)
  • Emit a warning instead of an error for unknown rule selectors (#26113)
  • Match noqa shebang handling in ruff:ignore comments (#26286)
  • [ruff] Remove pytest-fixture-autouse (RUF076) (#26240, #26371)

Documentation

  • Add versioning sections to custom crate READMEs (#26317)
  • Update ruff_python_parser README for crates.io (#26315)
  • [perflint] Clarify that PERF402 applies to any iterable (#26242)

Contributors

Install ruff 0.15.20

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ruff/releases/download/0.15.20/ruff-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/ruff/releases/download/0.15.20/ruff-installer.ps1 | iex"

Download ruff 0.15.20

File Platform Checksum
ruff-aarch64-apple-darwin.tar.gz Apple Silicon macOS checksum
ruff-x86_64-apple-darwin.tar.gz Intel macOS checksum
ruff-aarch64-pc-windows-msvc.zip ARM64 Windows checksum
ruff-i686-pc-windows-msvc.zip x86 Windows checksum
ruff-x86_64-pc-windows-msvc.zip x64 Windows checksum
ruff-aarch64-unknown-linux-gnu.tar.gz ARM64 Linux checksum
ruff-i686-unknown-linux-gnu.tar.gz x86 Linux checksum

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.20

Released on 2026-06-25.

Preview features

  • Allow human-readable names in rule selectors (#25887)
  • Emit a warning instead of an error for unknown rule selectors (#26113)
  • Match noqa shebang handling in ruff:ignore comments (#26286)
  • [ruff] Remove pytest-fixture-autouse (RUF076) (#26240, #26371)

Documentation

  • Add versioning sections to custom crate READMEs (#26317)
  • Update ruff_python_parser README for crates.io (#26315)
  • [perflint] Clarify that PERF402 applies to any iterable (#26242)

Contributors

0.15.19

Released on 2026-06-23.

Preview features

  • Support human-readable names when hovering suppression comments and in code actions (#26114)

Bug fixes

  • Fall back to default settings when editor-only settings are invalid (#26244)
  • Fix panic when inserting text at a notebook cell boundary (#26111)

Rule changes

  • [pylint] Update fix suggestions for __floor__, __trunc__, __length_hint__, and __matmul__ variants (PLC2801) (#26239)

Performance

  • Avoid allocating when parsing single string literals (#26200)
  • Avoid reallocating singleton call arguments (#26223)
  • Lazily create source files for lint diagnostics (#26226)
  • Optimize formatter text width and indentation (#26236)
  • Reserve capacity for builtin bindings (#26229)
  • Skip repeated-key checks for singleton dictionaries (#26228)
  • Use ArrayVec for qualified name segments (#26224)

... (truncated)

Commits
  • f82a36b Bump 0.15.20 (#26376)
  • af32943 Improve the summarise-ecosystem-results skill (#26378)
  • 485ebab Remove RUF076 name from schema (#26371)
  • ef81835 [ty] Implement rust-analyzer's "Click for full compiler diagnostic" feature (...
  • 572b31e [ruff] Remove pytest-fixture-autouse (RUF076) (#26240)
  • f703f21 Allow human-readable names in rule selectors (#25887)
  • 0d726b2 [ty] Reuse equality semantics for membership compatibility (#25955)
  • dbe6e98 [ty] Infer definite equality comparison results (#26337)
  • e700ea3 [ty] Prove TypedDict structural patterns exhaustive (#26285)
  • 6a0d2ec [ty] Widen inferred class-valued instance attributes (#26338)
  • Additional commits viewable in compare view

Updates boto3-stubs from 1.43.31 to 1.43.39

Release notes

Sourced from boto3-stubs's releases.

8.8.0 - Python 3.8 runtime is back

Changed

  • [services] install_requires section is calculated based on dependencies in use, so typing-extensions version is set properly
  • [all] Replaced typing imports with collections.abc with a fallback to typing for Python <3.9
  • [all] Added aliases for builtins.list, builtins.set, builtins.dict, and builtins.type, so Python 3.8 runtime should work as expected again (reported by @​YHallouard in #340 and @​Omri-Ben-Yair in #336)
  • [all] Unions use the same type annotations as the rest of the structures due to proper fallbacks

Fixed

  • [services] Universal input/output shapes were not replaced properly in service subresources
  • [docs] Simplified doc links rendering for services
  • [services] Cleaned up unnecessary imports in client.pyi
  • [builder] Import records with fallback are always rendered
Commits

Updates zensical from 0.0.45 to 0.0.46

Release notes

Sourced from zensical's releases.

0.0.46

Summary

This version improves search result quality and includes several bug fixes and refactorings.

Search excerpts

Search results now include excerpts, making it easier to understand why a result matches. Search remains fully client-side and as fast as before, even for projects with thousands of pages. We still consider search an active area of iteration and expect to further improve it and expose more configuration options over time.

Try it in our documentation!

User interface

The user interface is updated to v0.0.19, which includes several navigation and interaction fixes. Search highlighting now ignores single-character tokens, which avoids noisy matches like highlighting every e for queries such as e-mail. Instant previews now include a hover bridge so moving the cursor from a link to the tooltip no longer drops the popup across the visual gap.

Dependencies were also updated, including TypeScript 6 and SVGO 4 compatibility adjustments. 83 new icons were added, 2 icons were removed, and 19 icons were modified. The Lucide icon set was updated to version v1.21.0.

Validation defaults

The validation options unresolved_references, unresolved_footnotes, unused_definitions, unused_footnotes, shadowed_definitions, and shadowed_footnotes are now disabled by default. These checks remain available when explicitly enabled, but they have proven too unstable in edge cases with the current reference parser. They will eventually be superseded by the higher-fidelity parser that is already used by Zensical Studio and is planned for Open Source release and later integration into Zensical.

Changelog

Bug fixes

  • aeb31ad ui – update ui to v0.0.19
  • 61b6d05 compat – preserve small tags in generated search index
  • edb0878 zensical – search path segment is empty when title is sourced from section index page
  • 909f973 compat – don't crash on invalid URLs in HTML (#755)
  • e6b55fe compat – strip images from toc labels (#749)
  • 0f11c7f – update pyo3 to 0.29.0 to mitigate 2 vulnerabilities

Refactorings

  • e4a370f zensical, compat – change several validation defaults to false (#758)
Commits
  • c76960e chore: release v0.0.46
  • 5533aba Merge pull request #761 from zensical/chore/update-ui
  • aeb31ad fix: update ui to v0.0.19
  • fb4637c chore: update .mono.toml to account for configuration changes
  • 61b6d05 fix: preserve small tags in generated search index
  • edb0878 fix: search path segment is empty when title is sourced from section index page
  • e4a370f refactor: change several validation defaults to false (#758)
  • 909f973 fix: don't crash on invalid URLs in HTML (#755)
  • e6b55fe fix: strip images from toc labels (#749)
  • 0f11c7f fix: update pyo3 to 0.29.0 to mitigate 2 vulnerabilities
  • See full diff in compare view

Updates mkdocstrings-python from 2.0.4 to 2.0.5

Release notes

Sourced from mkdocstrings-python's releases.

2.0.5

2.0.5 - 2026-06-19

Compare with 2.0.4

Bug Fixes

  • Allow relative cross-references to work in summaries (abe2888 by Timothée Mazzucotelli). Issue-331
  • Always display attribute values as they're written in the source (0334131 by Timothée Mazzucotelli). Issue-311
Changelog

Sourced from mkdocstrings-python's changelog.

2.0.5 - 2026-06-19

Compare with 2.0.4

Bug Fixes

  • Allow relative cross-references to work in summaries (abe2888 by Timothée Mazzucotelli). Issue-331
  • Always display attribute values as they're written in the source (0334131 by Timothée Mazzucotelli). Issue-311
Commits
  • 1670ecb chore: Prepare release 2.0.5
  • abe2888 fix: Allow relative cross-references to work in summaries
  • 0334131 fix: Always display attribute values as they're written in the source
  • 39311c7 docs: Lint docs
  • 835a406 chore: Never fail type-checking (maintenance mode)
  • See full diff in compare view

Updates botocore from 1.43.31 to 1.43.40

Commits
  • c1894c1 Merge branch 'release-1.43.40'
  • fc560a4 Bumping version to 1.43.40
  • 420c584 Update endpoints model
  • e00fad7 Update to latest models
  • 3f29544 Merge branch 'release-1.43.39'
  • db6ca71 Merge branch 'release-1.43.39' into develop
  • 97d313f Bumping version to 1.43.39
  • bcfbd50 Update endpoints model
  • 0813a0f Update to latest models
  • ea9157a Update CODEOWNERS to shared Python SDK and CLI team (#3740)
  • Additional commits viewable in compare view

Updates pydantic-settings from 2.14.1 to 2.14.2

Release notes

Sourced from pydantic-settings's releases.

v2.14.2

What's Changed

This is a security patch release.

Security

Fixes GHSA-4xgf-cpjx-pc3j: NestedSecretsSettingsSource with secrets_nested_subdir=True could follow a symbolic link inside secrets_dir pointing outside it, reading out-of-tree files into settings values and bypassing the secrets_dir_max_size cap. Affected versions: >= 2.12.0, < 2.14.2.

Full Changelog: pydantic/pydantic-settings@v2.14.1...v2.14.2

Commits

Updates wrapt from 2.2.1 to 2.2.2

Release notes

Sourced from wrapt's releases.

wrapt 2.2.2

Full release notes: https://wrapt.readthedocs.io/en/latest/changes.html#version-2-2-2

Install from PyPi (recommended):

pip install wrapt==2.2.2

PyPi uploads follow each GitHub release; if pip reports the version is unavailable, the matching PyPi upload may not have happened yet.

Pre-built wheels are provided for a range of Python versions and platforms (Linux x86_64/aarch64/riscv64, macOS x86_64 and arm64, Windows x86_64 and arm64, plus PyPy and free-threaded builds). The source distribution is also attached together with SHA256SUMS for verification.

wrapt 2.2.2rc3

Release candidate. Release notes for the upcoming 2.2.2 final (work in progress): https://wrapt.readthedocs.io/en/latest/changes.html#version-2-2-2

May be installable from PyPi:

pip install wrapt==2.2.2rc3

If pip reports the version is unavailable, this candidate either has not been uploaded yet or is not being published to PyPi. Use the attached wheels or build from the source distribution instead:

tar xf wrapt-2.2.2rc3.tar.gz
cd wrapt-2.2.2rc3
pip install .

SHA256SUMS is attached for verification of the archives.

wrapt 2.2.2rc2

Release candidate. Release notes for the upcoming 2.2.2 final (work in progress): https://wrapt.readthedocs.io/en/latest/changes.html#version-2-2-2

May be installable from PyPi:

pip install wrapt==2.2.2rc2

If pip reports the version is unavailable, this candidate either has not been uploaded yet or is not being published to PyPi. Use the attached wheels or build from the source distribution instead:

tar xf wrapt-2.2.2rc2.tar.gz

... (truncated)

Changelog

Sourced from wrapt's changelog.

Version 2.2.2

Bugs Fixed

  • When @wrapt.lru_cache was applied to an instance method that was overridden in a subclass, and the subclass method called the base class method via super(), a RecursionError was raised instead of the base class method being invoked. The per-instance cache for each method was stored as an attribute on the instance whose name was derived only from the method __name__, so the base and derived methods shared a single cache slot. The subclass cache was therefore found again when the base method was reached through super(), re-entering the subclass body and recursing without end. The cache attribute name now incorporates a unique identifier for each decorated method so that a base method and a method that overrides it use distinct per-instance caches. With thanks to the reporter of issue [#342](https://github.com/GrahamDumpleton/wrapt/issues/342) <https://github.com/GrahamDumpleton/wrapt/issues/342>_.

  • When @wrapt.lru_cache was applied to a method of a class deriving from wrapt.ObjectProxy, the per-instance cache was stored on the wrapped object rather than on the proxy. This is because the proxy __setattr__ forwards attribute assignment to the wrapped object for any name that is not a recognised proxy attribute, and the cache attribute name was not one. Storing the cache on the wrapped object had several consequences: the wrapped object was polluted with cache attributes it never defined; the cache held a reference back to the proxy through the bound method it wrapped, so a wrapped object that outlived the proxy kept the proxy alive and prevented its collection; wrapping an object that does not accept arbitrary attributes, such as one using __slots__, caused the first cached call to fail with an AttributeError; and two proxies sharing a single wrapped object shared one cache and could return results computed for the wrong proxy. The cache attribute is now stored on the proxy itself using the proxy __self_setattr__ method when the instance is a wrapt object proxy, falling back to setattr for ordinary instances.

Commits
  • 0ae09fd Merge branch 'release/2.2.2'
  • 86db7a9 Update to 2.2.2 for final release.
  • 6deda43 Update to 2.2.2rc3.
  • 9c48a1e Constrain lru_cache proxy detection to BaseObjectProxy subclasses.
  • 4053838 Update version to 2.2.2rc2.
  • 99bf4ef Store lru_cache per-instance cache on object proxy not wrapped object.
  • 0e862fb Document pickling instances with lru_cache decorated methods.
  • 73dca57 Add lru_cache tests for overridden methods calling super().
  • beead5c Fix lru_cache recursion for overridden methods calling super().
  • fbf2fc1 Document pure Python failure mode for ObjectProxy + ABCMeta mixin.
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Jun 29, 2026
@github-actions github-actions Bot enabled auto-merge (squash) June 29, 2026 13:13
@github-actions

github-actions Bot commented Jun 29, 2026

Copy link
Copy Markdown

🏗️ CDK infra diff — PR vs main

ServerlessApp-us-east-1-stage/ServerlessAppBackend-us-east-1
Stack ServerlessApp-us-east-1-stage/ServerlessAppBackend-us-east-1 (ServerlessAppBackend-us-east-1)
Resources
[-] AWS::Lambda::Version ServerlessAppBackend-us-east-1/App/ApiFunction/CurrentVersion AppApiFunctionCurrentVersion01C510ACcf36896e7272a2ee427a8e60658779ec destroy
[+] AWS::Lambda::Version ServerlessAppBackend-us-east-1/App/ApiFunction/CurrentVersion AppApiFunctionCurrentVersion01C510ACb1a79d5a2fba8d9517f5982c6ce8bdbc
[~] AWS::Lambda::Function ServerlessAppBackend-us-east-1/App/ApiFunction AppApiFunctionDE515850
 ├─ [~] Code
 │   └─ [~] .S3Key:
 │       ├─ [-] 941f28ae4a29764ca3abd1d5b2cf02747782d9531dfa8d8b463c2a8aaee441a6.zip
 │       └─ [+] f6534a2a8ab96e0edd8114ecf98164c09c689cd8cc74dd6feac92815e0b22eea.zip
 └─ [~] Metadata
     └─ [~] .aws:asset:path:
         ├─ [-] ../asset.941f28ae4a29764ca3abd1d5b2cf02747782d9531dfa8d8b463c2a8aaee441a6
         └─ [+] ../asset.f6534a2a8ab96e0edd8114ecf98164c09c689cd8cc74dd6feac92815e0b22eea
[~] AWS::Lambda::Alias ServerlessAppBackend-us-east-1/App/LiveAlias AppLiveAlias3872472E
 └─ [~] FunctionVersion
     └─ [~] .Fn::GetAtt:
         └─ @@ -1,4 +1,4 @@
            [ ] [
            [-]   "AppApiFunctionCurrentVersion01C510ACcf36896e7272a2ee427a8e60658779ec",
            [+]   "AppApiFunctionCurrentVersion01C510ACb1a79d5a2fba8d9517f5982c6ce8bdbc",
            [ ]   "Version"
            [ ] ]



✨  Number of stacks with differences: 1

@dependabot dependabot Bot force-pushed the dependabot/pip/patches-bb36cca643 branch from 528a7cc to 9eabd39 Compare July 3, 2026 01:26
Bumps the patches group with 8 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [boto3](https://github.com/boto/boto3) | `1.43.31` | `1.43.40` |
| [ruff](https://github.com/astral-sh/ruff) | `0.15.17` | `0.15.20` |
| [boto3-stubs](https://github.com/youtype/mypy_boto3_builder) | `1.43.31` | `1.43.39` |
| [zensical](https://github.com/zensical/zensical) | `0.0.45` | `0.0.46` |
| [mkdocstrings-python](https://github.com/mkdocstrings/python) | `2.0.4` | `2.0.5` |
| [botocore](https://github.com/boto/botocore) | `1.43.31` | `1.43.40` |
| [pydantic-settings](https://github.com/pydantic/pydantic-settings) | `2.14.1` | `2.14.2` |
| [wrapt](https://github.com/GrahamDumpleton/wrapt) | `2.2.1` | `2.2.2` |



Updates `boto3` from 1.43.31 to 1.43.40
- [Release notes](https://github.com/boto/boto3/releases)
- [Commits](boto/boto3@1.43.31...1.43.40)

Updates `ruff` from 0.15.17 to 0.15.20
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.17...0.15.20)

Updates `boto3-stubs` from 1.43.31 to 1.43.39
- [Release notes](https://github.com/youtype/mypy_boto3_builder/releases)
- [Commits](https://github.com/youtype/mypy_boto3_builder/commits)

Updates `zensical` from 0.0.45 to 0.0.46
- [Release notes](https://github.com/zensical/zensical/releases)
- [Commits](zensical/zensical@v0.0.45...v0.0.46)

Updates `mkdocstrings-python` from 2.0.4 to 2.0.5
- [Release notes](https://github.com/mkdocstrings/python/releases)
- [Changelog](https://github.com/mkdocstrings/python/blob/main/CHANGELOG.md)
- [Commits](mkdocstrings/python@2.0.4...2.0.5)

Updates `botocore` from 1.43.31 to 1.43.40
- [Commits](boto/botocore@1.43.31...1.43.40)

Updates `pydantic-settings` from 2.14.1 to 2.14.2
- [Release notes](https://github.com/pydantic/pydantic-settings/releases)
- [Commits](pydantic/pydantic-settings@v2.14.1...v2.14.2)

Updates `wrapt` from 2.2.1 to 2.2.2
- [Release notes](https://github.com/GrahamDumpleton/wrapt/releases)
- [Changelog](https://github.com/GrahamDumpleton/wrapt/blob/develop/docs/changes.rst)
- [Commits](GrahamDumpleton/wrapt@2.2.1...2.2.2)

---
updated-dependencies:
- dependency-name: boto3
  dependency-version: 1.43.36
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patches
- dependency-name: boto3-stubs
  dependency-version: 1.43.36
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: patches
- dependency-name: botocore
  dependency-version: 1.43.36
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patches
- dependency-name: mkdocstrings-python
  dependency-version: 2.0.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: patches
- dependency-name: pydantic-settings
  dependency-version: 2.14.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patches
- dependency-name: ruff
  dependency-version: 0.15.20
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: patches
- dependency-name: wrapt
  dependency-version: 2.2.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patches
- dependency-name: zensical
  dependency-version: 0.0.46
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: patches
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/pip/patches-bb36cca643 branch from 9eabd39 to 3f881a7 Compare July 3, 2026 01:31
@github-actions github-actions Bot merged commit b206274 into main Jul 3, 2026
8 checks passed
@dependabot dependabot Bot deleted the dependabot/pip/patches-bb36cca643 branch July 3, 2026 02:32
timpugh added a commit that referenced this pull request Jul 3, 2026
The last member of Dependabot's patches group (#96) whose lockfile-only
bump the old deps-merge re-lock reverted; landed directly with
uv lock --upgrade-package, same as the cryptography/pydantic-settings
fix.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant