Skip to content

pip: bump the pip-updates group with 2 updates #204

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
JohnGarbutt merged 1 commit into from
Jun 23, 2025
Merged

pip: bump the pip-updates group with 2 updates #204

JohnGarbutt merged 1 commit into from
Jun 23, 2025

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jun 18, 2025
edited
Loading

Updates the requirements on multidict and ruff to permit the latest version.
Updates multidict from 6.4.4 to 6.5.0

Release notes

Sourced from multidict's releases.

6.5.0

Features

  • Replace internal implementation from an array of items to hash table. algorithmic complexity for lookups is switched from O(N) to O(1).

    The hash table is very similar to :class:dict from CPython but it allows keys duplication.

    The benchmark shows 25-50% boost for single lookups, x2-x3 for bulk updates, and x20 for some multidict view operations. The gain is not for free: :class:~multidict.MultiDict.add and :class:~multidict.MultiDict.extend are 25-50% slower now. We consider it as acceptable because the lookup is much more common operation that addition for the library domain.

    Related issues and pull requests on GitHub: #1128.

Contributor-facing changes

  • Builds have been added for arm64 Windows wheels and the reusable-build-wheel.yml template has been modified to allow for an os value (windows-11-arm) which does not end with the -latest postfix.

    Related issues and pull requests on GitHub: #1167.

Changelog

Sourced from multidict's changelog.

6.5.0

(2025-06-17)

Features

  • Replace internal implementation from an array of items to hash table. algorithmic complexity for lookups is switched from O(N) to O(1).

    The hash table is very similar to :class:dict from CPython but it allows keys duplication.

    The benchmark shows 25-50% boost for single lookups, x2-x3 for bulk updates, and x20 for some multidict view operations. The gain is not for free: :class:~multidict.MultiDict.add and :class:~multidict.MultiDict.extend are 25-50% slower now. We consider it as acceptable because the lookup is much more common operation that addition for the library domain.

    Related issues and pull requests on GitHub: :issue:1128.

Contributor-facing changes

  • Builds have been added for arm64 Windows wheels and the reusable-build-wheel.yml template has been modified to allow for an os value (windows-11-arm) which does not end with the -latest postfix.

    Related issues and pull requests on GitHub: :issue:1167.

Commits

Updates ruff to 0.12.0

Release notes

Sourced from ruff's releases.

0.12.0

Release Notes

Check out the blog post for a migration guide and overview of the changes!

Breaking changes

  • Detection of more syntax errors

    Ruff now detects version-related syntax errors, such as the use of the match statement on Python versions before 3.10, and syntax errors emitted by CPython's compiler, such as irrefutable match patterns before the final case arm.

  • New default Python version handling for syntax errors

    Ruff will default to the latest supported Python version (3.13) when checking for the version-related syntax errors mentioned above to prevent false positives in projects without a Python version configured. The default in all other cases, like applying lint rules, is unchanged and remains at the minimum supported Python version (3.9).

  • Updated f-string formatting

    Ruff now formats multi-line f-strings with format specifiers to avoid adding a line break after the format specifier. This addresses a change to the Python grammar in version 3.13.4 that made such a line break a syntax error.

  • rust-toolchain.toml is no longer included in source distributions

    The rust-toolchain.toml is used to specify a higher Rust version than Ruff's minimum supported Rust version (MSRV) for development and building release artifacts. However, when present in source distributions, it would also cause downstream package maintainers to pull in the same Rust toolchain, even if their available toolchain was MSRV-compatible.

Removed Rules

The following rules have been removed:

Deprecated Rules

The following rules have been deprecated:

Stabilization

... (truncated)

Changelog

Sourced from ruff's changelog.

0.12.0

Check out the blog post for a migration guide and overview of the changes!

Breaking changes

  • Detection of more syntax errors

    Ruff now detects version-related syntax errors, such as the use of the match statement on Python versions before 3.10, and syntax errors emitted by CPython's compiler, such as irrefutable match patterns before the final case arm.

  • New default Python version handling for syntax errors

    Ruff will default to the latest supported Python version (3.13) when checking for the version-related syntax errors mentioned above to prevent false positives in projects without a Python version configured. The default in all other cases, like applying lint rules, is unchanged and remains at the minimum supported Python version (3.9).

  • Updated f-string formatting

    Ruff now formats multi-line f-strings with format specifiers to avoid adding a line break after the format specifier. This addresses a change to the Python grammar in version 3.13.4 that made such a line break a syntax error.

  • rust-toolchain.toml is no longer included in source distributions

    The rust-toolchain.toml is used to specify a higher Rust version than Ruff's minimum supported Rust version (MSRV) for development and building release artifacts. However, when present in source distributions, it would also cause downstream package maintainers to pull in the same Rust toolchain, even if their available toolchain was MSRV-compatible.

Removed Rules

The following rules have been removed:

Deprecated Rules

The following rules have been deprecated:

Stabilization

... (truncated)

Commits
  • 87f0feb Bump 0.12.0 (#18724)
  • 685eac1 Revert "[ty] Offer "Did you mean...?" suggestions for unresolved from impor...
  • a93992f [flake8-return] Stabilize only add return None at the end when fixing `im...
  • 50f8480 [pyupgrade] Stabilize non-pep695-generic-function (UP047) (#18524)
  • 6754e94 [pyupgrade] Stabilize non-pep695-generic-class (UP046) (#18519)
  • 33c8c75 [pandas-vet] Deprecate pandas-df-variable-name (PD901) (#18618)
  • 34dc8e0 [flake8-bandit] Remove suspicious-xmle-tree-usage (S320) (#18617)
  • b01195b Stabilize dataclass-enum (RUF049) (#18570)
  • ce176b1 Stabilize unnecessary-dict-index-lookup (PLR1733) (#18571)
  • 7072cf6 Remove rust-toolchain.toml from sdist (#17925)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
pip: bump the pip-updates group with 2 updates
903e34e 
Updates the requirements on [multidict](https://github.com/aio-libs/multidict) and [ruff](https://github.com/astral-sh/ruff) to permit the latest version.

Updates `multidict` from 6.4.4 to 6.5.0
- [Release notes](https://github.com/aio-libs/multidict/releases)
- [Changelog](https://github.com/aio-libs/multidict/blob/master/CHANGES.rst)
- [Commits](aio-libs/multidict@v6.4.4...v6.5.0)

Updates `ruff` to 0.12.0
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.11.13...0.12.0)

---
updated-dependencies:
- dependency-name: multidict
  dependency-version: 6.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: pip-updates
- dependency-name: ruff
  dependency-version: 0.12.0
  dependency-type: direct:production
  dependency-group: pip-updates
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added automation This issue or pull request was created by automation pip-update This pull request updates a pip package labels Jun 18, 2025
@dependabot dependabot bot requested a review from a team as a code owner June 18, 2025 08:18
@dependabot dependabot bot added automation This issue or pull request was created by automation pip-update This pull request updates a pip package labels Jun 18, 2025
@JohnGarbutt JohnGarbutt merged commit 4e6c88d into main Jun 23, 2025
8 checks passed
@dependabot dependabot bot deleted the dependabot/pip/pip-updates-f73dbde4c6 branch June 23, 2025 11:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@JohnGarbutt JohnGarbutt JohnGarbutt approved these changes

Assignees

No one assigned

Labels

automation This issue or pull request was created by automation pip-update This pull request updates a pip package

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@JohnGarbutt