Bump the everything-else group across 1 directory with 5 updates #946

dependabot · 2025-03-17T10:19:08Z

Bumps the everything-else group with 5 updates in the /python directory:

Package	From	To
astroid	`3.3.8`	`3.3.9`
filelock	`3.17.0`	`3.18.0`
jinja2	`3.1.5`	`3.1.6`
tox	`4.24.1`	`4.24.2`
virtualenv	`20.29.2`	`20.29.3`

Updates astroid from 3.3.8 to 3.3.9

Release notes

Sourced from astroid's releases.

v3.3.9

What's New in astroid 3.3.9?

Release date: 2025-03-09

Fix crash when sys.modules contains lazy loader objects during checking.

Closes #2686 Closes pylint-dev/pylint#8589

Upload release assets to PyPI via Trusted Publishing.

Refs pylint-dev/pylint#10256

Changelog

Sourced from astroid's changelog.

What's New in astroid 3.3.9?

Release date: 2025-03-09

Fix crash when sys.modules contains lazy loader objects during checking.

Closes #2686 Closes pylint-dev/pylint#8589

Upload release assets to PyPI via Trusted Publishing.

Refs pylint-dev/pylint#10256

Commits

a6ccad5 Bump astroid to 3.3.9, update changelog
ec2df97 Add setuptools in order to run 3.12/3.13 tests
74c34fb Bump actions/cache from 4.2.0 to 4.2.2 (#2692)
5512bf2 Update release workflow to use Trusted Publishing (#2696)
aad8e68 [Backport maintenance/3.3.x] Fix missing dict (#2685) (#2690)
234be58 Fix RuntimeError caused by analyzing live objects with __getattribute__ or ...
6aeafd5 Bump pylint in pre-commit configuration to 3.2.7
See full diff in compare view

Updates filelock from 3.17.0 to 3.18.0

Release notes

Sourced from filelock's releases.

3.18.0

What's Changed

Indicate that locks are exclusive/write locks. by @bicarlsen in tox-dev/filelock#394

Support fcntl check on Emscripten by @juntyr in tox-dev/filelock#398

New Contributors

@bicarlsen made their first contribution in tox-dev/filelock#394

@juntyr made their first contribution in tox-dev/filelock#398

Full Changelog: tox-dev/filelock@3.17.0...3.18.0

Commits

129a1ef [pre-commit.ci] pre-commit autoupdate (#405)
717d7e0 [pre-commit.ci] pre-commit autoupdate (#403)
efba779 [pre-commit.ci] pre-commit autoupdate (#401)
82f5a2d Support fcntl check on Emscripten (#398)
468ba43 [pre-commit.ci] pre-commit autoupdate (#396)
0ac6826 [pre-commit.ci] pre-commit autoupdate (#395)
b5f98a6 Indicate that locks are exclusive/write locks. (#394)
3c9b680 [pre-commit.ci] pre-commit autoupdate (#393)
2760759 [pre-commit.ci] pre-commit autoupdate (#391)
18c9571 Bump pypa/gh-action-pypi-publish from 1.12.3 to 1.12.4 (#390)
See full diff in compare view

Updates jinja2 from 3.1.5 to 3.1.6

Release notes

Sourced from jinja2's releases.

3.1.6

This is the Jinja 3.1.6 security release, which fixes security issues but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Jinja2/3.1.6/ Changes: https://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6

The |attr filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. GHSA-cpwx-vrp4-4pq7

Changelog

Sourced from jinja2's changelog.

Version 3.1.6

Released 2025-03-05

The |attr filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. :ghsa:cpwx-vrp4-4pq7

Commits

1520688 release version 3.1.6
90457bb Merge commit from fork
065334d attr filter uses env.getattr
033c200 start version 3.1.6
bc68d4e use global contributing guide (#2070)
247de5e use global contributing guide
ab8218c use project advisory link instead of global
b4ffc8f release version 3.1.5 (#2066)
See full diff in compare view

Updates tox from 4.24.1 to 4.24.2

Release notes

Sourced from tox's releases.

4.24.2

What's Changed

TOX-3117 bugfix -c pyproject with non legacy by @AdrianCert in tox-dev/tox#3471

fix(docs): update expected code by @gforcada in tox-dev/tox#3480

Add missing bracket in config example by @jodal in tox-dev/tox#3481

Gh issue 3456 update environment variable documentation by @jugmac00 in tox-dev/tox#3482

fix: Respect --parallel N with --parallel-no-spinner by @tusharsadhwani in tox-dev/tox#3495

TOML set_env file support by @juditnovak in tox-dev/tox#3478

New Contributors

@AdrianCert made their first contribution in tox-dev/tox#3471

@gforcada made their first contribution in tox-dev/tox#3480

@jodal made their first contribution in tox-dev/tox#3481

@juditnovak made their first contribution in tox-dev/tox#3478

Full Changelog: tox-dev/tox@4.24.1...4.24.2

Changelog

Sourced from tox's changelog.

v4.24.2 (2025-03-07)

Bugfixes - 4.24.2

- multiple source_type supports for the same filename. Like pyproject.toml can be load by both TomlPyProject & LegacyToml (:issue:`3117`)
- Support ``set_env = { file = "conf{/}local.env"}`` for TOML format - by :user:`juditnovak`. (:issue:`3474`)
- fix example on the docs (:issue:`3480`)
- - ``--parallel-no-spinner`` now respects max CPU set by ``--parallel N`` (:issue:`3495`)
Improved Documentation - 4.24.2

Updates the documentation for os.environ['KEY'] when the variable does not exist - by :user:jugmac00. (:issue:3456)

Commits

05835bf release 4.24.2
4852262 TOML set_env file support (#3478)
1dac11f fix: Respect --parallel N with --parallel-no-spinner (#3495)
fd44904 [pre-commit.ci] pre-commit autoupdate (#3488)
32879c8 [pre-commit.ci] pre-commit autoupdate (#3486)
0a4ba54 [pre-commit.ci] pre-commit autoupdate (#3484)
65d404e Gh issue 3456 update environment variable documentation (#3482)
28212ab Add missing bracket in config example (#3481)
6b40c0c fix(docs): update expected code (#3480)
6e53aea [pre-commit.ci] pre-commit autoupdate (#3479)
Additional commits viewable in compare view

Updates virtualenv from 20.29.2 to 20.29.3

Release notes

Sourced from virtualenv's releases.

20.29.3

What's Changed

release 20.29.2 by @gaborbernat in pypa/virtualenv#2844

Remove duplicate bug report template by @shenxianpeng in pypa/virtualenv#2850

Fix debug logging interpolation by @tipabu in pypa/virtualenv#2849

Ignore directories in PATH that can't be opened by @barneygale in pypa/virtualenv#2852

New Contributors

@shenxianpeng made their first contribution in pypa/virtualenv#2850

@tipabu made their first contribution in pypa/virtualenv#2849

@barneygale made their first contribution in pypa/virtualenv#2852

Full Changelog: pypa/virtualenv@20.29.2...20.29.3

Changelog

Sourced from virtualenv's changelog.

v20.29.3 (2025-03-06)

Bugfixes - 20.29.3
- Ignore unreadable directories in ``PATH``. (:issue:`2794`)

Commits

b1666e9 release 20.29.3
e05b286 Merge pull request #2853 from pypa/pre-commit-ci-update-config
d6bc4a9 [pre-commit.ci] pre-commit autoupdate
1fc647e Merge pull request #2852 from barneygale/fix-2794
4567521 Add changelog entry
220b6b8 Add test
ee9d84c Ignore directories in PATH that can't be opened (#2794)
7365ad2 Merge pull request #2849 from tipabu/logging-interpolation
5b74c9a Merge pull request #2850 from shenxianpeng/remove-duplicate-template
ca5935a Remove duplicate bug report template
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the everything-else group with 5 updates in the /python directory: | Package | From | To | | --- | --- | --- | | [astroid](https://github.com/pylint-dev/astroid) | `3.3.8` | `3.3.9` | | [filelock](https://github.com/tox-dev/py-filelock) | `3.17.0` | `3.18.0` | | [jinja2](https://github.com/pallets/jinja) | `3.1.5` | `3.1.6` | | [tox](https://github.com/tox-dev/tox) | `4.24.1` | `4.24.2` | | [virtualenv](https://github.com/pypa/virtualenv) | `20.29.2` | `20.29.3` | Updates `astroid` from 3.3.8 to 3.3.9 - [Release notes](https://github.com/pylint-dev/astroid/releases) - [Changelog](https://github.com/pylint-dev/astroid/blob/main/ChangeLog) - [Commits](pylint-dev/astroid@v3.3.8...v3.3.9) Updates `filelock` from 3.17.0 to 3.18.0 - [Release notes](https://github.com/tox-dev/py-filelock/releases) - [Changelog](https://github.com/tox-dev/filelock/blob/main/docs/changelog.rst) - [Commits](tox-dev/filelock@3.17.0...3.18.0) Updates `jinja2` from 3.1.5 to 3.1.6 - [Release notes](https://github.com/pallets/jinja/releases) - [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst) - [Commits](pallets/jinja@3.1.5...3.1.6) Updates `tox` from 4.24.1 to 4.24.2 - [Release notes](https://github.com/tox-dev/tox/releases) - [Changelog](https://github.com/tox-dev/tox/blob/main/docs/changelog.rst) - [Commits](tox-dev/tox@4.24.1...4.24.2) Updates `virtualenv` from 20.29.2 to 20.29.3 - [Release notes](https://github.com/pypa/virtualenv/releases) - [Changelog](https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst) - [Commits](pypa/virtualenv@20.29.2...20.29.3) --- updated-dependencies: - dependency-name: astroid dependency-type: direct:production update-type: version-update:semver-patch dependency-group: everything-else - dependency-name: filelock dependency-type: direct:production update-type: version-update:semver-minor dependency-group: everything-else - dependency-name: jinja2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: everything-else - dependency-name: tox dependency-type: direct:production update-type: version-update:semver-patch dependency-group: everything-else - dependency-name: virtualenv dependency-type: direct:production update-type: version-update:semver-patch dependency-group: everything-else ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Mar 17, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the everything-else group across 1 directory with 5 updates #946

Bump the everything-else group across 1 directory with 5 updates #946

dependabot bot commented on behalf of github Mar 17, 2025

Bump the everything-else group across 1 directory with 5 updates #946

Are you sure you want to change the base?

Bump the everything-else group across 1 directory with 5 updates #946

Conversation

dependabot bot commented on behalf of github Mar 17, 2025

v3.3.9

What's New in astroid 3.3.9?

What's New in astroid 3.3.9?

3.18.0

What's Changed

New Contributors

3.1.6

Version 3.1.6

4.24.2

What's Changed

New Contributors

v4.24.2 (2025-03-07)

20.29.3

What's Changed

New Contributors

v20.29.3 (2025-03-06)