Bump the pip group across 1 directory with 5 updates #10

dependabot · 2025-05-05T20:46:31Z

Bumps the pip group with 5 updates in the /tests/data directory:

Package	From	To
pyinstaller	`6.10.0`	`6.13.0`
certifi	`2020.6.20`	`2024.7.4`
idna	`2.9`	`3.7`
requests	`2.32.2`	`2.32.3`
urllib3	`1.26.19`	`2.4.0`

Updates pyinstaller from 6.10.0 to 6.13.0

Release notes

Sourced from pyinstaller's releases.

v6.13.0

Please see the v6.13.0 section of the changelog for a list of the changes since v6.12.0.

v6.12.0

Please see the v6.12.0 section of the changelog for a list of the changes since v6.11.1.

v6.11.1

Please see the v6.11.1 section of the changelog for a list of the changes since v6.11.0.

v6.11.0

Please see the v6.11.0 section of the changelog for a list of the changes since v6.10.0.

Changelog

Sourced from pyinstaller's changelog.

6.13.0 (2025-04-15)

Features


* (macOS) When assembling the executable, PyInstaller now modifies the
  Mach-O image UUID of all architecture slices in the executable, and
  sets them to a value derived from the hash of the embedded PKG archive
  and the original (bootloader's) UUID. This should ensure that different
  application executables have unique identifiers, as per
  `TN3178
  <https://developer.apple.com/documentation/technotes/tn3178-checking-for-and-resolving-build-uuid-problems>`_,
  which might be required by newer macOS features, such as
  `local network privacy
  <https://developer.apple.com/documentation/technotes/tn3179-understanding-local-network-privacy#Build-time-considerations>`_.
  (:issue:`9056`)
* Extend analysis code so that when extension module is encountered, it
  checks for the presence of an adjacent ``.py`` or ``.pyi`` file, and
  if present, attempt to perform import analysis on such accompanying
  source/interface file. (:issue:`9084`)
Bugfix

* (Windows) Fix (de)serialization of ``WORD``-typed fields in the
  ``VersionInfo`` structure - it should be using 16-bit unsigned integer
  format (``'H'``) instead of signed one (``'h'``). This, for example,
  fixes the ``struct.error: 'h' format requires -32768 &lt;= number &lt;= 32767``
  error when ``VersionInfo`` contains a ``VarFileInfo`` / ``VarStruct``
  entry with the code page set to 65001. (:issue:`9086`)
* Fix detection of ``setuptools``-vendored modules (i.e., not packages)
  in the ``PyInstaller.utils.hooks.setuptools.SetuptoolsInfo`` hook utility
  class; for example, the ``setuptools/_vendor/typing_extensions.py`` module.
  (:issue:`9102`)
Deprecations

</code></pre>

<ul>

<li>Onefile in combination with macOS's .app bundles will be blocked in v7.0.

Onefile app bundles are not really single file and are heavily penalised by

macOS's security scanning. Please use onedir mode instead. (:issue:<code>9049</code>)</li>

</ul>

<p>Hooks</p>

<pre><code>

Add hook for PyQt6.QtStateMachine that was introduced in PyQt6

&lt;/tr&gt;&lt;/table&gt;

</code></pre>

</blockquote>

<p>... (truncated)</p>

</details>

<details>

<summary>Commits</summary>

<ul>

<li><a href="https://github.com/pyinstaller/pyinstaller/commit/306d4d92580fea7be7ff2c89ba112cdc6f73fac1&quot;&gt;&lt;code&gt;306d4d9&lt;/code&gt;&lt;/a> Release v6.13.0. [skip ci]</li>

<li><a href="https://github.com/pyinstaller/pyinstaller/commit/c5eb50cfb41eae75c9afc5535cd633e349606c1b&quot;&gt;&lt;code&gt;c5eb50c&lt;/code&gt;&lt;/a> hookutils: setuptools: fix detection of vendored modules</li>

<li><a href="https://github.com/pyinstaller/pyinstaller/commit/4c2d04f436e3aa3194938cddf3520033674e0c22&quot;&gt;&lt;code&gt;4c2d04f&lt;/code&gt;&lt;/a> tests: skip incompatible tests when running under Termux</li>

<li><a href="https://github.com/pyinstaller/pyinstaller/commit/67eb3f5f3459a4beb63c3982d161d8d948d2ae0a&quot;&gt;&lt;code&gt;67eb3f5&lt;/code&gt;&lt;/a> compat: add is_termux flag</li>

<li><a href="https://github.com/pyinstaller/pyinstaller/commit/d403842f4a2ea52bb05771ff5ce8b8136a90f693&quot;&gt;&lt;code&gt;d403842&lt;/code&gt;&lt;/a> ci: add a CI workflow for Termux</li>

<li><a href="https://github.com/pyinstaller/pyinstaller/commit/9c8665913e0a5440cab29711fe07612435d34385&quot;&gt;&lt;code&gt;9c86659&lt;/code&gt;&lt;/a> tests: xfail test_reproducible_subsequent_builds for python &lt; 3.11 on linux</li>

<li><a href="https://github.com/pyinstaller/pyinstaller/commit/d29458f5468cec40cce3b5bcc4763a1067dfe5f9&quot;&gt;&lt;code&gt;d29458f&lt;/code&gt;&lt;/a> Tests: Requirements: Scheduled weekly dependency update for week 15 (<a href="https://redirect.github.com/pyinstaller/pyinstaller/issues/9097&quot;&gt;#9097&lt;/a&gt;)&lt;/li>

<li><a href="https://github.com/pyinstaller/pyinstaller/commit/97372400c13440c65d061bf4514c9f76fdae8480&quot;&gt;&lt;code&gt;9737240&lt;/code&gt;&lt;/a> bootloader: have onefile parent always pre-load system VC runtime DLLs</li>

<li><a href="https://github.com/pyinstaller/pyinstaller/commit/1b94ea1d64d83f4c5faafe2cda793e6834d4e768&quot;&gt;&lt;code&gt;1b94ea1&lt;/code&gt;&lt;/a> bootloader: perform onefile parent/child sync with POSIX semaphore</li>

<li><a href="https://github.com/pyinstaller/pyinstaller/commit/eb236fb4f05d1f0715602a3efdda530233aff8c9&quot;&gt;&lt;code&gt;eb236fb&lt;/code&gt;&lt;/a> Tests: Requirements: Scheduled weekly dependency update for week 14 (<a href="https://redirect.github.com/pyinstaller/pyinstaller/issues/9090&quot;&gt;#9090&lt;/a&gt;)&lt;/li>

<li>Additional commits viewable in <a href="https://github.com/pyinstaller/pyinstaller/compare/v6.10.0...v6.13.0&quot;&gt;compare view</a></li>

</ul>

</details>
<br />


Updates certifi from 2020.6.20 to 2024.7.4

Commits

bd81538 2024.07.04 (#295)
06a2cbf Bump peter-evans/create-pull-request from 6.0.5 to 6.1.0 (#294)
13bba02 Bump actions/checkout from 4.1.6 to 4.1.7 (#293)
e8abcd0 Bump pypa/gh-action-pypi-publish from 1.8.14 to 1.9.0 (#292)
124f4ad 2024.06.02 (#291)
c2196ce --- (#290)
fefdeec Bump actions/checkout from 4.1.4 to 4.1.5 (#289)
3c5fb15 Bump actions/download-artifact from 4.1.6 to 4.1.7 (#286)
4a9569a Bump actions/checkout from 4.1.2 to 4.1.4 (#287)
1fc8086 Bump peter-evans/create-pull-request from 6.0.4 to 6.0.5 (#288)
Additional commits viewable in compare view




Updates idna from 2.9 to 3.7

Release notes
Sourced from idna's releases.

v3.7
What's Changed

Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.
Full Changelog: https://github.com/kjd/idna/compare/v3.6...v3.7



Changelog
Sourced from idna's changelog.

3.7 (2024-04-11)
++++++++++++++++

Fix issue where specially crafted inputs to encode() could
take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.
3.6 (2023-11-25)
++++++++++++++++

Fix regression to include tests in source distribution.

3.5 (2023-11-24)
++++++++++++++++

Update to Unicode 15.1.0
String codec name is now "idna2008" as overriding the system codec
"idna" was not working.
Fix typing error for codec encoding
"setup.cfg" has been added for this release due to some downstream
lack of adherence to PEP 517. Should be removed in a future release
so please prepare accordingly.
Removed reliance on a symlink for the "idna-data" tool to comport
with PEP 517 and the Python Packaging User Guide for sdist archives.
Added security reporting protocol for project

Thanks Jon Ribbens, Diogo Teles Sant'Anna, Wu Tingfeng for contributions
to this release.
3.4 (2022-09-14)
++++++++++++++++

Update to Unicode 15.0.0
Migrate to pyproject.toml for build information (PEP 621)
Correct another instance where generic exception was raised instead of
IDNAError for malformed input
Source distribution uses zeroized file ownership for improved
reproducibility

Thanks to Seth Michael Larson for contributions to this release.
3.3 (2021-10-13)
++++++++++++++++

Update to Unicode 14.0.0
Update to in-line type annotations
Throw IDNAError exception correctly for some malformed input
Advertise support for Python 3.10
Improve testing regime on Github



... (truncated)


Commits

1d365e1 Release v3.7
c1b3154 Merge pull request #172 from kjd/optimize-contextj
0394ec7 Merge branch 'master' into optimize-contextj
cd58a23 Merge pull request #152 from elliotwutingfeng/dev
5beb28b More efficient resolution of joiner contexts
1b12148 Update ossf/scorecard-action to v2.3.1
d516b87 Update Github actions/checkout to v4
c095c75 Merge branch 'master' into dev
60a0a4c Fix typo in GitHub Actions workflow key
5918a0e Merge branch 'master' into dev
Additional commits viewable in compare view




Updates requests from 2.32.2 to 2.32.3

Release notes
Sourced from requests's releases.

v2.32.3
2.32.3 (2024-05-29)
Bugfixes

Fixed bug breaking the ability to specify custom SSLContexts in sub-classes of
HTTPAdapter. (#6716)
Fixed issue where Requests started failing to run on Python versions compiled
without the ssl module. (#6724)




Changelog
Sourced from requests's changelog.

2.32.3 (2024-05-29)
Bugfixes

Fixed bug breaking the ability to specify custom SSLContexts in sub-classes of
HTTPAdapter. (#6716)
Fixed issue where Requests started failing to run on Python versions compiled
without the ssl module. (#6724)




Commits

0e322af v2.32.3
e188799 Don't create default SSLContext if ssl module isn't present (#6724)
145b539 Merge pull request #6716 from sigmavirus24/bug/6715
b1d73dd Don't use default SSLContext with custom poolmanager kwargs
6badbac Update HISTORY.md
a62a2d3 Allow for overriding of specific pool key params
See full diff in compare view




Updates urllib3 from 1.26.19 to 2.4.0

Release notes
Sourced from urllib3's releases.

2.4.0
🚀 urllib3 is fundraising for HTTP/2 support
urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.
Thank you for your support.
Features

Applied PEP 639 by specifying the license fields in pyproject.toml. (#3522)
Updated exceptions to save and restore more properties during the pickle/serialization process. (#3567)
Added verify_flags option to create_urllib3_context with a default of VERIFY_X509_PARTIAL_CHAIN and VERIFY_X509_STRICT for Python 3.13+. (#3571)

Bugfixes

Fixed a bug with partial reads of streaming data in Emscripten. (#3555)

Misc

Switched to uv for installing development dependecies. (#3550)
Removed the multiple.intoto.jsonl asset from GitHub releases. Attestation of release files since v2.3.0 can be found on PyPI. (#3566)

2.3.0
🚀 urllib3 is fundraising for HTTP/2 support
urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support for 2023. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.
Thank you for your support.
Features

Added HTTPResponse.shutdown() to stop any ongoing or future reads for a specific response. It calls shutdown(SHUT_RD) on the underlying socket. This feature was sponsored by LaunchDarkly. (urllib3/urllib3#2868)
Added support for JavaScript Promise Integration on Emscripten. This enables more efficient WebAssembly requests and streaming, and makes it possible to use in Node.js if you launch it as node --experimental-wasm-stack-switching. (urllib3/urllib3#3400)
Added the proxy_is_tunneling property to HTTPConnection and HTTPSConnection. (urllib3/urllib3#3285)
Added pickling support to NewConnectionError and NameResolutionError. (urllib3/urllib3#3480)

Bugfixes

Fixed an issue in debug logs where the HTTP version was rendering as "HTTP/11" instead of "HTTP/1.1". (urllib3/urllib3#3489)

Deprecations and Removals

Removed support for Python 3.8. (urllib3/urllib3#3492)

Full Changelog: https://github.com/urllib3/urllib3/compare/2.2.3...2.3.0
2.2.3
🚀 urllib3 is fundraising for HTTP/2 support


... (truncated)


Changelog
Sourced from urllib3's changelog.

2.4.0 (2025-04-10)
Features

Applied PEP 639 by specifying the license fields in pyproject.toml. ([#3522](https://github.com/urllib3/urllib3/issues/3522) <https://github.com/urllib3/urllib3/issues/3522>__)
Updated exceptions to save and restore more properties during the pickle/serialization process. ([#3567](https://github.com/urllib3/urllib3/issues/3567) <https://github.com/urllib3/urllib3/issues/3567>__)
Added verify_flags option to create_urllib3_context with a default of VERIFY_X509_PARTIAL_CHAIN and VERIFY_X509_STRICT for Python 3.13+. ([#3571](https://github.com/urllib3/urllib3/issues/3571) <https://github.com/urllib3/urllib3/issues/3571>__)

Bugfixes

Fixed a bug with partial reads of streaming data in Emscripten. ([#3555](https://github.com/urllib3/urllib3/issues/3555) <https://github.com/urllib3/urllib3/issues/3555>__)

Misc

Switched to uv for installing development dependecies. ([#3550](https://github.com/urllib3/urllib3/issues/3550) <https://github.com/urllib3/urllib3/issues/3550>__)
Removed the multiple.intoto.jsonl asset from GitHub releases. Attestation of release files since v2.3.0 can be found on PyPI. ([#3566](https://github.com/urllib3/urllib3/issues/3566) <https://github.com/urllib3/urllib3/issues/3566>__)

2.3.0 (2024-12-22)
Features

Added HTTPResponse.shutdown() to stop any ongoing or future reads for a specific response. It calls shutdown(SHUT_RD) on the underlying socket. This feature was sponsored by LaunchDarkly <https://opencollective.com/urllib3/contributions/815307>. ([#2868](https://github.com/urllib3/urllib3/issues/2868) <https://github.com/urllib3/urllib3/issues/2868>)
Added support for JavaScript Promise Integration on Emscripten. This enables more efficient WebAssembly
requests and streaming, and makes it possible to use in Node.js if you launch it as  node --experimental-wasm-stack-switching. ([#3400](https://github.com/urllib3/urllib3/issues/3400) <https://github.com/urllib3/urllib3/issues/3400>__)
Added the proxy_is_tunneling property to HTTPConnection and HTTPSConnection. ([#3285](https://github.com/urllib3/urllib3/issues/3285) <https://github.com/urllib3/urllib3/issues/3285>__)
Added pickling support to NewConnectionError and NameResolutionError. ([#3480](https://github.com/urllib3/urllib3/issues/3480) <https://github.com/urllib3/urllib3/issues/3480>__)

Bugfixes

Fixed an issue in debug logs where the HTTP version was rendering as "HTTP/11" instead of "HTTP/1.1". ([#3489](https://github.com/urllib3/urllib3/issues/3489) <https://github.com/urllib3/urllib3/issues/3489>__)

Deprecations and Removals

Removed support for Python 3.8. ([#3492](https://github.com/urllib3/urllib3/issues/3492) <https://github.com/urllib3/urllib3/issues/3492>__)

2.2.3 (2024-09-12)


... (truncated)


Commits

a5ff7ac Release 2.4.0
a135db2 Upgrade memray and coverage to fix macOS tests (#3589)
8f40e71 Upgrade the publishing action to get correct licensing info on PyPI (#3585)
3ff4e49 Add a link to the 2024 annual report (#3586)
75709c1 Set verify flags in create_urllib3_context (#3577)
5c8f82a Bump astral-sh/setup-uv from 5.3.0 to 5.4.1 (#3580)
42e90d8 Bump actions/setup-python from 5.4.0 to 5.5.0 (#3579)
3e8f2db Stop using Ubuntu 20.04 and 22.04 in CI (#3570)
e29db82 Update exceptions to have more of their attributes pickled (#3572)
f8a0c43 Add PyPy 3.11 to CI
Additional commits viewable in compare view




Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options


You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the pip group with 5 updates in the /__tests__/data directory: | Package | From | To | | --- | --- | --- | | [pyinstaller](https://github.com/pyinstaller/pyinstaller) | `6.10.0` | `6.13.0` | | [certifi](https://github.com/certifi/python-certifi) | `2020.6.20` | `2024.7.4` | | [idna](https://github.com/kjd/idna) | `2.9` | `3.7` | | [requests](https://github.com/psf/requests) | `2.32.2` | `2.32.3` | | [urllib3](https://github.com/urllib3/urllib3) | `1.26.19` | `2.4.0` | Updates `pyinstaller` from 6.10.0 to 6.13.0 - [Release notes](https://github.com/pyinstaller/pyinstaller/releases) - [Changelog](https://github.com/pyinstaller/pyinstaller/blob/develop/doc/CHANGES.rst) - [Commits](pyinstaller/pyinstaller@v6.10.0...v6.13.0) Updates `certifi` from 2020.6.20 to 2024.7.4 - [Commits](certifi/python-certifi@2020.06.20...2024.07.04) Updates `idna` from 2.9 to 3.7 - [Release notes](https://github.com/kjd/idna/releases) - [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst) - [Commits](kjd/idna@v2.9...v3.7) Updates `requests` from 2.32.2 to 2.32.3 - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md) - [Commits](psf/requests@v2.32.2...v2.32.3) Updates `urllib3` from 1.26.19 to 2.4.0 - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](urllib3/urllib3@1.26.19...2.4.0) --- updated-dependencies: - dependency-name: pyinstaller dependency-version: 6.13.0 dependency-type: direct:production dependency-group: pip - dependency-name: certifi dependency-version: 2024.7.4 dependency-type: direct:production dependency-group: pip - dependency-name: idna dependency-version: '3.7' dependency-type: direct:production dependency-group: pip - dependency-name: requests dependency-version: 2.32.3 dependency-type: direct:production dependency-group: pip - dependency-name: urllib3 dependency-version: 2.4.0 dependency-type: direct:production dependency-group: pip ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels May 5, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump the pip group across 1 directory with 5 updates #10

Bump the pip group across 1 directory with 5 updates #10

Uh oh!

v3.7

What's Changed

v2.32.3

2.32.3 (2024-05-29)

2.32.3 (2024-05-29)

2.4.0

🚀 urllib3 is fundraising for HTTP/2 support

Features

Bugfixes

Misc

2.3.0

🚀 urllib3 is fundraising for HTTP/2 support

Features

Bugfixes

Deprecations and Removals

2.2.3

🚀 urllib3 is fundraising for HTTP/2 support

2.4.0 (2025-04-10)

Features

Bugfixes

Misc

2.3.0 (2024-12-22)

Features

Bugfixes

Deprecations and Removals

Uh oh!

Uh oh!

Bump the pip group across 1 directory with 5 updates #10

Are you sure you want to change the base?

Bump the pip group across 1 directory with 5 updates #10

Uh oh!

Conversation

v6.13.0

v6.12.0

v6.11.1

v6.11.0

6.13.0 (2025-04-15)

v3.7

What's Changed

v2.32.3

2.32.3 (2024-05-29)

2.32.3 (2024-05-29)

2.4.0

🚀 urllib3 is fundraising for HTTP/2 support

Features

Bugfixes

Misc

2.3.0

🚀 urllib3 is fundraising for HTTP/2 support

Features

Bugfixes

Deprecations and Removals

2.2.3

🚀 urllib3 is fundraising for HTTP/2 support

2.4.0 (2025-04-10)

Features

Bugfixes

Misc

2.3.0 (2024-12-22)

Features

Bugfixes

Deprecations and Removals

Uh oh!

Uh oh!