chore(deps): bump the pip group across 5 directories with 4 updates #125

dependabot · 2025-10-28T21:27:59Z

Bumps the pip group with 3 updates in the / directory: requests, setuptools and urllib3.
Bumps the pip group with 3 updates in the /projects/ecoindex_api directory: requests, setuptools and urllib3.
Bumps the pip group with 3 updates in the /projects/ecoindex_cli directory: requests, pillow and urllib3.
Bumps the pip group with 2 updates in the /projects/ecoindex_compute directory: requests and urllib3.
Bumps the pip group with 1 update in the /projects/ecoindex_scraper directory: setuptools.

Updates requests from 2.32.3 to 2.32.4

Release notes

Sourced from requests's releases.

v2.32.4

2.32.4 (2025-06-10)

Security

CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file. (#6965)

Improvements

Numerous documentation improvements

Deprecations

Added support for pypy 3.11 for Linux and macOS. (#6926)

Dropped support for pypy 3.9 following its end of support. (#6926)

Changelog

Sourced from requests's changelog.

2.32.4 (2025-06-10)

Security

CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file.

Improvements

Numerous documentation improvements

Deprecations

Added support for pypy 3.11 for Linux and macOS.

Dropped support for pypy 3.9 following its end of support.

Commits

021dc72 Polish up release tooling for last manual release
821770e Bump version and add release notes for v2.32.4
59f8aa2 Add netrc file search information to authentication documentation (#6876)
5b4b64c Add more tests to prevent regression of CVE 2024 47081
7bc4587 Add new test to check netrc auth leak (#6962)
96ba401 Only use hostname to do netrc lookup instead of netloc
7341690 Merge pull request #6951 from tswast/patch-1
6716d7c remove links
a7e1c74 Update docs/conf.py
c799b81 docs: fix dead links to kenreitz.org
Additional commits viewable in compare view

Updates setuptools from 74.1.3 to 78.1.1

Changelog

Sourced from setuptools's changelog.

v78.1.1

Bugfixes

More fully sanitized the filename in PackageIndex._download. (#4946)

v78.1.0

Features

Restore access to _get_vc_env with a warning. (#4874)

v78.0.2

Bugfixes

Postponed removals of deprecated dash-separated and uppercase fields in setup.cfg. All packages with deprecated configurations are advised to move before 2026. (#4911)

v78.0.1

Misc

#4909

v78.0.0

Bugfixes

Reverted distutils changes that broke the monkey patching of command classes. (#4902)

Deprecations and Removals

Setuptools no longer accepts options containing uppercase or dash characters in setup.cfg.

... (truncated)

Commits

8e4868a Bump version: 78.1.0 → 78.1.1
100e9a6 Merge pull request #4951
8faf1d7 Add news fragment.
2ca4a9f Rely on re.sub to perform the decision in one expression.
e409e80 Extract _sanitize method for sanitizing the filename.
250a6d1 Add a check to ensure the name resolves relative to the tmpdir.
d8390fe Extract _resolve_download_filename with test.
4e1e893 Merge https://github.com/jaraco/skeleton
3a3144f Fix typo: pyproject.license -> project.license (#4931)
d751068 Fix typo: pyproject.license -> project.license
Additional commits viewable in compare view

Updates urllib3 from 2.4.0 to 2.5.0

Release notes

Sourced from urllib3's releases.

2.5.0

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Security issues

urllib3 2.5.0 fixes two moderate security issues:

Pool managers now properly control redirects when retries is passed — CVE-2025-50181 reported by @sandumjacob (5.3 Medium, GHSA-pq67-6m6q-mj2v)

Redirects are now controlled by urllib3 in the Node.js runtime — CVE-2025-50182 (5.3 Medium, GHSA-48p4-8xcf-vxj5)

Features

Added support for the compression.zstd module that is new in Python 3.14. See PEP 784 for more information. (#3610)

Added support for version 0.5 of hatch-vcs (#3612)

Bugfixes

Raised exception for HTTPResponse.shutdown on a connection already released to the pool. (#3581)

Fixed incorrect CONNECT statement when using an IPv6 proxy with connection_from_host. Previously would not be wrapped in []. (#3615)

Changelog

Sourced from urllib3's changelog.

2.5.0 (2025-06-18)

Features

Added support for the compression.zstd module that is new in Python 3.14. See PEP 784 <https://peps.python.org/pep-0784/>_ for more information. ([#3610](https://github.com/urllib3/urllib3/issues/3610) <https://github.com/urllib3/urllib3/issues/3610>__)

Added support for version 0.5 of hatch-vcs ([#3612](https://github.com/urllib3/urllib3/issues/3612) <https://github.com/urllib3/urllib3/issues/3612>__)

Bugfixes

Fixed a security issue where restricting the maximum number of followed redirects at the urllib3.PoolManager level via the retries parameter did not work.

Made the Node.js runtime respect redirect parameters such as retries and redirects.

Raised exception for HTTPResponse.shutdown on a connection already released to the pool. ([#3581](https://github.com/urllib3/urllib3/issues/3581) <https://github.com/urllib3/urllib3/issues/3581>__)

Fixed incorrect CONNECT statement when using an IPv6 proxy with connection_from_host. Previously would not be wrapped in []. ([#3615](https://github.com/urllib3/urllib3/issues/3615) <https://github.com/urllib3/urllib3/issues/3615>__)

Commits

aaab4ec Release 2.5.0
7eb4a2a Merge commit from fork
f05b132 Merge commit from fork
d03fe32 Fix HTTP tunneling with IPv6 in older Python versions
11661e9 Bump github/codeql-action from 3.28.0 to 3.29.0 (#3624)
6a0ecc6 Update v2 migration guide to 2.4.0 (#3621)
8e32e60 Raise exception for shutdown on a connection already released to the pool (#3...
9996e0f Fix emscripten CI for Chrome 137+ (#3599)
4fd1a99 Bump RECENT_DATE (#3617)
c4b5917 Add support for the new compression.zstd module in Python 3.14 (#3611)
Additional commits viewable in compare view

Updates requests from 2.32.3 to 2.32.4

Release notes

Sourced from requests's releases.

v2.32.4

2.32.4 (2025-06-10)

Security

CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file. (#6965)

Improvements

Numerous documentation improvements

Deprecations

Added support for pypy 3.11 for Linux and macOS. (#6926)

Dropped support for pypy 3.9 following its end of support. (#6926)

Changelog

Sourced from requests's changelog.

2.32.4 (2025-06-10)

Security

CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file.

Improvements

Numerous documentation improvements

Deprecations

Added support for pypy 3.11 for Linux and macOS.

Dropped support for pypy 3.9 following its end of support.

Commits

021dc72 Polish up release tooling for last manual release
821770e Bump version and add release notes for v2.32.4
59f8aa2 Add netrc file search information to authentication documentation (#6876)
5b4b64c Add more tests to prevent regression of CVE 2024 47081
7bc4587 Add new test to check netrc auth leak (#6962)
96ba401 Only use hostname to do netrc lookup instead of netloc
7341690 Merge pull request #6951 from tswast/patch-1
6716d7c remove links
a7e1c74 Update docs/conf.py
c799b81 docs: fix dead links to kenreitz.org
Additional commits viewable in compare view

Updates setuptools from 75.9.1 to 78.1.1

Changelog

Sourced from setuptools's changelog.

v78.1.1

Bugfixes

More fully sanitized the filename in PackageIndex._download. (#4946)

v78.1.0

Features

Restore access to _get_vc_env with a warning. (#4874)

v78.0.2

Bugfixes

Postponed removals of deprecated dash-separated and uppercase fields in setup.cfg. All packages with deprecated configurations are advised to move before 2026. (#4911)

v78.0.1

Misc

#4909

v78.0.0

Bugfixes

Reverted distutils changes that broke the monkey patching of command classes. (#4902)

Deprecations and Removals

Setuptools no longer accepts options containing uppercase or dash characters in setup.cfg.

... (truncated)

Commits

8e4868a Bump version: 78.1.0 → 78.1.1
100e9a6 Merge pull request #4951
8faf1d7 Add news fragment.
2ca4a9f Rely on re.sub to perform the decision in one expression.
e409e80 Extract _sanitize method for sanitizing the filename.
250a6d1 Add a check to ensure the name resolves relative to the tmpdir.
d8390fe Extract _resolve_download_filename with test.
4e1e893 Merge https://github.com/jaraco/skeleton
3a3144f Fix typo: pyproject.license -> project.license (#4931)
d751068 Fix typo: pyproject.license -> project.license
Additional commits viewable in compare view

Updates urllib3 from 2.4.0 to 2.5.0

Release notes

Sourced from urllib3's releases.

2.5.0

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Security issues

urllib3 2.5.0 fixes two moderate security issues:

Pool managers now properly control redirects when retries is passed — CVE-2025-50181 reported by @sandumjacob (5.3 Medium, GHSA-pq67-6m6q-mj2v)

Redirects are now controlled by urllib3 in the Node.js runtime — CVE-2025-50182 (5.3 Medium, GHSA-48p4-8xcf-vxj5)

Features

Added support for the compression.zstd module that is new in Python 3.14. See PEP 784 for more information. (#3610)

Added support for version 0.5 of hatch-vcs (#3612)

Bugfixes

Raised exception for HTTPResponse.shutdown on a connection already released to the pool. (#3581)

Fixed incorrect CONNECT statement when using an IPv6 proxy with connection_from_host. Previously would not be wrapped in []. (#3615)

Changelog

Sourced from urllib3's changelog.

2.5.0 (2025-06-18)

Features

Added support for the compression.zstd module that is new in Python 3.14. See PEP 784 <https://peps.python.org/pep-0784/>_ for more information. ([#3610](https://github.com/urllib3/urllib3/issues/3610) <https://github.com/urllib3/urllib3/issues/3610>__)

Added support for version 0.5 of hatch-vcs ([#3612](https://github.com/urllib3/urllib3/issues/3612) <https://github.com/urllib3/urllib3/issues/3612>__)

Bugfixes

Fixed a security issue where restricting the maximum number of followed redirects at the urllib3.PoolManager level via the retries parameter did not work.

Made the Node.js runtime respect redirect parameters such as retries and redirects.

Raised exception for HTTPResponse.shutdown on a connection already released to the pool. ([#3581](https://github.com/urllib3/urllib3/issues/3581) <https://github.com/urllib3/urllib3/issues/3581>__)

Fixed incorrect CONNECT statement when using an IPv6 proxy with connection_from_host. Previously would not be wrapped in []. ([#3615](https://github.com/urllib3/urllib3/issues/3615) <https://github.com/urllib3/urllib3/issues/3615>__)

Commits

aaab4ec Release 2.5.0
7eb4a2a Merge commit from fork
f05b132 Merge commit from fork
d03fe32 Fix HTTP tunneling with IPv6 in older Python versions
11661e9 Bump github/codeql-action from 3.28.0 to 3.29.0 (#3624)
6a0ecc6 Update v2 migration guide to 2.4.0 (#3621)
8e32e60 Raise exception for shutdown on a connection already released to the pool (#3...
9996e0f Fix emscripten CI for Chrome 137+ (#3599)
4fd1a99 Bump RECENT_DATE (#3617)
c4b5917 Add support for the new compression.zstd module in Python 3.14 (#3611)
Additional commits viewable in compare view

Updates requests from 2.32.3 to 2.32.4

Release notes

Sourced from requests's releases.

v2.32.4

2.32.4 (2025-06-10)

Security

CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file. (#6965)

Improvements

Numerous documentation improvements

Deprecations

Added support for pypy 3.11 for Linux and macOS. (#6926)

Dropped support for pypy 3.9 following its end of support. (#6926)

Changelog

Sourced from requests's changelog.

2.32.4 (2025-06-10)

Security

CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file.

Improvements

Numerous documentation improvements

Deprecations

Added support for pypy 3.11 for Linux and macOS.

Dropped support for pypy 3.9 following its end of support.

Commits

021dc72 Polish up release tooling for last manual release
821770e Bump version and add release notes for v2.32.4
59f8aa2 Add netrc file search information to authentication documentation (#6876)
5b4b64c Add more tests to prevent regression of CVE 2024 47081
7bc4587 Add new test to check netrc auth leak (#6962)
96ba401 Only use hostname to do netrc lookup instead of netloc
7341690 Merge pull request #6951 from tswast/patch-1
6716d7c remove links
a7e1c74 Update docs/conf.py
c799b81 docs: fix dead links to kenreitz.org
Additional commits viewable in compare view

Updates pillow from 11.2.1 to 11.3.0

Release notes

Sourced from pillow's releases.

11.3.0

https://pillow.readthedocs.io/en/stable/releasenotes/11.3.0.html

Deprecations

Deprecate fromarray mode argument #9018 [@radarhere]

Deprecate saving I mode images as PNG #9023 [@radarhere]

Documentation

Added release notes for #9041 #9042 [@radarhere]

Add release notes for #8912 and #8969 #9019 [@radarhere]

ImageFont does not handle multiline text #9000 [@radarhere]

Updated Ubuntu CI targets #8988 [@radarhere]

Update MinGW package names #8987 [@H4M5TER]

Updated docstring #8943 [@radarhere]

Mention that tobytes() with the raw encoder uses Pack.c #8878 [@radarhere]

Refactor docs Makefile #8933 [@hugovk]

Add template for quarterly release issue #8932 [@aclark4life]

Add list of third party plugins #8910 [@radarhere]

Update redirected URL #8919 [@radarhere]

Docs: use sentence case for headers #8914 [@hugovk]

Docs: remove unused Makefile targets #8917 [@hugovk]

Remove indentation from lists #8915 [@radarhere]

Python 3.13 is tested on Arch #8894 [@radarhere]

Move XV Thumbnails to read only section #8893 [@aclark4life]

Updated macOS tested Pillow versions #8890 [@radarhere]

Dependencies

Add AVIF to wheels using only aomenc and dav1d AVIF codecs for reduced size #8858 [@fdintino]

Use same AVIF URL when fetching dependency #8871 [@radarhere]

Update dependency mypy to v1.16.1 #9026 [@renovate[bot]]

Update libpng to 1.6.49 #9014 [@radarhere]

Update dependency cibuildwheel to v3 #9010 [@renovate[bot]]

Updated libjpeg-turbo to 3.1.1 #9009 [@radarhere]

Update dependency mypy to v1.16.0 #8991 [@renovate[bot]]

Updated libpng to 1.6.48 #8940 [@radarhere]

Updated Ghostscript to 10.5.1 #8939 [@radarhere]

Updated harfbuzz to 11.2.1 #8937 [@radarhere]

Updated libavif to 1.3.0 #8949 [@radarhere]

Update dependency cibuildwheel to v2.23.3 #8931 [@renovate[bot]]

Updated harfbuzz to 11.1.0 #8904 [@radarhere]

Testing

Add match parameter to pytest.warns() #9038 [@hugovk]

Increase pytest verbosity #9040 [@radarhere]

Improve SgiImagePlugin test coverage #8896 [@radarhere]

Update ruff pre-commit ID #8994 [@radarhere]

... (truncated)

Commits

89f1f46 11.3.0 version bump
f2de251 Updated check script paths (#9052)
84855d1 Raise FileNotFoundError when opening an empty path (#9048)
204d11d Raise FileNotFoundError when opening an empty path
2b39f75 Handle IPTC TIFF tags with incorrect type (#8925)
e7a53ba Do not update palette for L mode GIF frame (#8924)
c22230b Use save parameters as encoderinfo defaults (#9001)
da10ed1 Add support for iOS (#9030)
be2b4e7 Fix qtables and quality scaling (#8879)
d4162f8 Updated return type
Additional commits viewable in compare view

Updates urllib3 from 2.4.0 to 2.5.0

Release notes

Sourced from urllib3's releases.

2.5.0

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Security issues

urllib3 2.5.0 fixes two moderate security issues:

Pool managers now properly control redirects when retries is passed — CVE-2025-50181 reported by @sandumjacob (5.3 Medium, GHSA-pq67-6m6q-mj2v)

Redirects are now controlled by urllib3 in the Node.js runtime — CVE-2025-50182 (5.3 Medium, GHSA-48p4-8xcf-vxj5)

Features

Added support for the compression.zstd module that is new in Python 3.14. See PEP 784 for more information. (#3610)

Added support for version 0.5 of hatch-vcs (#3612)

Bugfixes

Raised exception for HTTPResponse.shutdown on a connection already released to the pool. (#3581)

Fixed incorrect CONNECT statement when using an IPv6 proxy with connection_from_host. Previously would not be wrapped in []. (#3615)

Changelog

Sourced from urllib3's changelog.

2.5.0 (2025-06-18)

Features

Added support for the compression.zstd module that is new in Python 3.14. See PEP 784 <https://peps.python.org/pep-0784/>_ for more information. ([#3610](https://github.com/urllib3/urllib3/issues/3610) <https://github.com/urllib3/urllib3/issues/3610>__)

Added support for version 0.5 of hatch-vcs ([#3612](https://github.com/urllib3/urllib3/issues/3612) <https://github.com/urllib3/urllib3/issues/3612>__)

Bugfixes

Fixed a security issue where restricting the maximum number of followed redirects at the urllib3.PoolManager level via the retries parameter did not work.

Made the Node.js runtime respect redirect parameters such as retries and redirects.

Raised exception for HTTPResponse.shutdown on a connection already released to the pool. ([#3581](https://github.com/urllib3/urllib3/issues/3581) <https://github.com/urllib3/urllib3/issues/3581>__)

Fixed incorrect CONNECT statement when using an IPv6 proxy with connection_from_host. Previously would not be wrapped in []. ([#3615](https://github.com/urllib3/urllib3/issues/3615) <https://github.com/urllib3/urllib3/issues/3615>__)

Commits

aaab4ec Release 2.5.0
7eb4a2a Merge commit from fork
f05b132 Merge commit from fork
d03fe32 Fix HTTP tunneling with IPv6 in older Python versions
11661e9 Bump github/codeql-action from 3.28.0 to 3.29.0 (#3624)
6a0ecc6 Update v2 migration guide to 2.4.0 (#3621)
8e32e60 Raise exception for shutdown on a connection already released to the pool (#3...
9996e0f Fix emscripten CI for Chrome 137+ (#3599)
4fd1a99 Bump RECENT_DATE (#3617)
c4b5917 Add support for the new compression.zstd module in Python 3.14 (#3611)
Additional commits viewable in compare view

Updates requests from 2.32.3 to 2.32.4

Release notes

Sourced from requests's releases.

v2.32.4

2.32.4 (2025-06-10)

Security

CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file. (#6965)

Improvements

Numerous documentation improvements

Deprecations

Added support for pypy 3.11 for Linux and macOS. (#6926)

Dropped support for pypy 3.9 following its end of support. (#6926)

Changelog

Sourced from requests's changelog.

2.32.4 (2025-06-10)

Security

CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file.

Improvements

Numerous documentation improvements

Deprecations

Added support for pypy 3.11 for Linux and macOS.

Dropped support for pypy 3.9 following its end of support.

Commits

021dc72 Polish up release tooling for last manual release
821770e Bump version and add release notes for v2.32.4
59f8aa2 Add netrc file search information to authentication documentation (#6876)
5b4b64c Add more tests to prevent regression of CVE 2024 47081
7bc4587 Add new test to check netrc auth leak (#6962)
96ba401 Only use hostname to do netrc lookup instead of netloc
7341690 Merge pull request #6951 from tswast/patch-1
6716d7c remove links
a7e1c74 Update docs/conf.py
c799b81 docs: fix dead links to kenreitz.org
Additional commits viewable in compare view

Updates urllib3 from 2.4.0 to 2.5.0

Release notes

Sourced from urllib3's releases.

2.5.0

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Security issues

urllib3 2.5.0 fixes two moderate security issues:

Pool managers now properly control redirects when retries is passed — CVE-2025-50181 reported by @sandumjacob (5.3 Medium, GHSA-pq67-6m6q-mj2v)

Redirects are now controlled by urllib3 in the Node.js runtime — CVE-2025-50182 (5.3 Medium, GHSA-48p4-8xcf-vxj5)

Features

Added support for the compression.zstd module that is new in Python 3.14. See PEP 784 for more information. (#3610)

Added support for version 0.5 of hatch-vcs (#3612)

Bugfixes

Raised exception for HTTPResponse.shutdown on a connection already released to the pool. (#3581)

Fixed incorrect CONNECT statement when using an IPv6 proxy with connection_from_host. Previously would not be wrapped in []. (#3615)

Changelog

Sourced from urllib3's changelog.

2.5.0 (2025-06-18)

Features

Added support for the compression.zstd module that is new in Python 3.14. See PEP 784 <https://peps.python.org/pep-0784/>_ for more information. ([#3610](https://github.com/urllib3/urllib3/issues/3610) <https://github.com/urllib3/urllib3/issues/3610>__)

Added support for version 0.5 of hatch-vcs ([#3612](https://github.com/urllib3/urllib3/issues/3612) <https://github.com/urllib3/urllib3/issues/3612>__)

Bugfixes

Fixed a security issue where restricting the maximum number of followed redirects at the urllib3.PoolManager level via the retries parameter did not work.

Made the Node.js runtime respect redirect parameters such as retries and redirects.

Raised exception for HTTPResponse.shutdown on a connection already released to the pool. ([#3581](https://github.com/urllib3/urllib3/issues/3581) <https://github.com/urllib3/urllib3/issues/3581>__)

Fixed incorrect CONNECT statement when using an IPv6 proxy with connection_from_host. Previously would not be wrapped in []. ([#3615](https://github.com/urllib3/urllib3/issues/3615) <https://github.com/urllib3/urllib3/issues/3615>__)

Commits

aaab4ec Release 2.5.0
7eb4a2a Merge commit from fork
f05b132 Merge commit from fork
d03fe32 Fix HTTP tunneling with IPv6 in older Python versions
11661e9 Bump github/codeql-action from 3.28.0 to 3.29.0 (#3624)
6a0ecc6 Update v2 migration guide to 2.4.0 (#3621)
8e32e60 Raise exception for shutdown on a connection already released to the pool (#3...
9996e0f Fix emscripten CI for Chrome 137+ (#3599)
4fd1a99 Bump RECENT_DATE (#3617)
c4b5917 Add support for the new compression.zstd module in Python 3.14 (#3611)
Additional commits viewable in compare view

Updates setuptools from 70.3.0 to 78.1.1

Changelog

Sourced from setuptools's changelog.

v78.1.1

Bugfixes

More fully sanitized the filename in PackageIndex._download. (#4946)

v78.1.0

Features

Restore access to _get_vc_env with a warning. (#4874)

v78.0.2

Bugfixes

Postponed removals of deprecated dash-separated and uppercase fields in setup.cfg. All packages with deprecated configurations are advised to move before 2026. (#4911)

v78.0.1

Misc

#4909

v78.0.0

Bugfixes

Reverted distutils changes that broke the monkey patching of command classes. (#4902)

Deprecations and Removals

Setuptools no longer accepts options containing uppercase or dash characters in setup.cfg.

... (truncated)

Commits

8e4868a Bump version: 78.1.0 → 78.1.1
100e9a6 Merge pull request #4951
8faf1d7 Add news fragment.
2ca4a9f Rely on re.sub to perform the decision in one expression.
e409e80 Extract _sanitize method for sanitizing the filename.
250a6d1 Add a check to ensure the name resolves relative to the tmpdir.
d8390fe Extract _resolve_download_filename with test.
4e1e893 Merge https://github.com/jaraco/skeleton
3a3144f Fix typo: pyproject.license -> project.license (#4931)
d751068 Fix typo: pyproject.license -> project.license
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the pip group with 3 updates in the / directory: [requests](https://github.com/psf/requests), [setuptools](https://github.com/pypa/setuptools) and [urllib3](https://github.com/urllib3/urllib3). Bumps the pip group with 3 updates in the /projects/ecoindex_api directory: [requests](https://github.com/psf/requests), [setuptools](https://github.com/pypa/setuptools) and [urllib3](https://github.com/urllib3/urllib3). Bumps the pip group with 3 updates in the /projects/ecoindex_cli directory: [requests](https://github.com/psf/requests), [pillow](https://github.com/python-pillow/Pillow) and [urllib3](https://github.com/urllib3/urllib3). Bumps the pip group with 2 updates in the /projects/ecoindex_compute directory: [requests](https://github.com/psf/requests) and [urllib3](https://github.com/urllib3/urllib3). Bumps the pip group with 1 update in the /projects/ecoindex_scraper directory: [setuptools](https://github.com/pypa/setuptools). Updates `requests` from 2.32.3 to 2.32.4 - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md) - [Commits](psf/requests@v2.32.3...v2.32.4) Updates `setuptools` from 74.1.3 to 78.1.1 - [Release notes](https://github.com/pypa/setuptools/releases) - [Changelog](https://github.com/pypa/setuptools/blob/main/NEWS.rst) - [Commits](pypa/setuptools@v74.1.3...v78.1.1) Updates `urllib3` from 2.4.0 to 2.5.0 - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](urllib3/urllib3@2.4.0...2.5.0) Updates `requests` from 2.32.3 to 2.32.4 - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md) - [Commits](psf/requests@v2.32.3...v2.32.4) Updates `setuptools` from 75.9.1 to 78.1.1 - [Release notes](https://github.com/pypa/setuptools/releases) - [Changelog](https://github.com/pypa/setuptools/blob/main/NEWS.rst) - [Commits](pypa/setuptools@v74.1.3...v78.1.1) Updates `urllib3` from 2.4.0 to 2.5.0 - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](urllib3/urllib3@2.4.0...2.5.0) Updates `requests` from 2.32.3 to 2.32.4 - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md) - [Commits](psf/requests@v2.32.3...v2.32.4) Updates `pillow` from 11.2.1 to 11.3.0 - [Release notes](https://github.com/python-pillow/Pillow/releases) - [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst) - [Commits](python-pillow/Pillow@11.2.1...11.3.0) Updates `urllib3` from 2.4.0 to 2.5.0 - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](urllib3/urllib3@2.4.0...2.5.0) Updates `requests` from 2.32.3 to 2.32.4 - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md) - [Commits](psf/requests@v2.32.3...v2.32.4) Updates `urllib3` from 2.4.0 to 2.5.0 - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](urllib3/urllib3@2.4.0...2.5.0) Updates `setuptools` from 70.3.0 to 78.1.1 - [Release notes](https://github.com/pypa/setuptools/releases) - [Changelog](https://github.com/pypa/setuptools/blob/main/NEWS.rst) - [Commits](pypa/setuptools@v74.1.3...v78.1.1) --- updated-dependencies: - dependency-name: requests dependency-version: 2.32.4 dependency-type: direct:production dependency-group: pip - dependency-name: setuptools dependency-version: 78.1.1 dependency-type: direct:production dependency-group: pip - dependency-name: urllib3 dependency-version: 2.5.0 dependency-type: indirect dependency-group: pip - dependency-name: requests dependency-version: 2.32.4 dependency-type: direct:production dependency-group: pip - dependency-name: setuptools dependency-version: 78.1.1 dependency-type: direct:production dependency-group: pip - dependency-name: urllib3 dependency-version: 2.5.0 dependency-type: indirect dependency-group: pip - dependency-name: requests dependency-version: 2.32.4 dependency-type: indirect dependency-group: pip - dependency-name: pillow dependency-version: 11.3.0 dependency-type: indirect dependency-group: pip - dependency-name: urllib3 dependency-version: 2.5.0 dependency-type: indirect dependency-group: pip - dependency-name: requests dependency-version: 2.32.4 dependency-type: direct:production dependency-group: pip - dependency-name: urllib3 dependency-version: 2.5.0 dependency-type: indirect dependency-group: pip - dependency-name: setuptools dependency-version: 78.1.1 dependency-type: direct:production dependency-group: pip ... Signed-off-by: dependabot[bot] <[email protected]>

github-actions · 2025-10-28T21:29:13Z

Branch coverage •

File	Stmts	Miss	Cover	Missing
TOTAL	710	230	67%

report-only-changed-files is enabled. No files were changed during this commit :)

dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Oct 28, 2025

github-actions bot added the size/Too Large label Oct 28, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): bump the pip group across 5 directories with 4 updates #125

chore(deps): bump the pip group across 5 directories with 4 updates #125

Uh oh!

dependabot bot commented on behalf of github Oct 28, 2025

Uh oh!

github-actions bot commented Oct 28, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

chore(deps): bump the pip group across 5 directories with 4 updates #125

Are you sure you want to change the base?

chore(deps): bump the pip group across 5 directories with 4 updates #125

Uh oh!

Conversation

dependabot bot commented on behalf of github Oct 28, 2025

v2.32.4

2.32.4 (2025-06-10)

2.32.4 (2025-06-10)

v78.1.1

Bugfixes

v78.1.0

Features

v78.0.2

Bugfixes

v78.0.1

Misc

v78.0.0

Bugfixes

Deprecations and Removals

2.5.0

🚀 urllib3 is fundraising for HTTP/2 support

Security issues

Features

Bugfixes

2.5.0 (2025-06-18)

Features

Bugfixes

v2.32.4

2.32.4 (2025-06-10)

2.32.4 (2025-06-10)

v78.1.1

Bugfixes

v78.1.0

Features

v78.0.2

Bugfixes

v78.0.1

Misc

v78.0.0

Bugfixes

Deprecations and Removals

2.5.0

🚀 urllib3 is fundraising for HTTP/2 support

Security issues

Features

Bugfixes

2.5.0 (2025-06-18)

Features

Bugfixes

v2.32.4

2.32.4 (2025-06-10)

2.32.4 (2025-06-10)

11.3.0

Deprecations

Documentation

Dependencies

Testing

2.5.0

🚀 urllib3 is fundraising for HTTP/2 support

Security issues

Features

Bugfixes

2.5.0 (2025-06-18)

Features

Bugfixes

v2.32.4

2.32.4 (2025-06-10)

2.32.4 (2025-06-10)

2.5.0

🚀 urllib3 is fundraising for HTTP/2 support

Security issues

Features

Bugfixes

2.5.0 (2025-06-18)

Features

Bugfixes

v78.1.1

Bugfixes

v78.1.0