Bump the workflows-dependencies group in /.github/workflows with 4 updates by dependabot[bot] · Pull Request #109 · statisticsnorway/ssb-rwrapr

dependabot · 2026-03-01T05:44:47Z

Bumps the workflows-dependencies group in /.github/workflows with 4 updates: pip, nox, poetry and virtualenv.

Updates pip from 25.3 to 26.0.1

Changelog

26.0.1 (2026-02-04)

Bug Fixes

Fix --pre not being respected from the command line when a requirement file includes an option e.g. -extra-index-url. ([#13788](https://github.com/pypa/pip/issues/13788) <https://github.com/pypa/pip/issues/13788>_)

26.0 (2026-01-30)

Deprecations and Removals

Remove support for non-bare project names in egg fragments. Affected users should use the Direct URL requirement syntax <https://packaging.python.org/en/latest/specifications/version-specifiers/#direct-references>. ([#13157](https://github.com/pypa/pip/issues/13157) <https://github.com/pypa/pip/issues/13157>)

Features

Display pip's command-line help in colour, if possible. ([#12134](https://github.com/pypa/pip/issues/12134) <https://github.com/pypa/pip/issues/12134>_)

Support installing dependencies declared with inline script metadata (:pep:723) with --requirements-from-script. ([#12891](https://github.com/pypa/pip/issues/12891) <https://github.com/pypa/pip/issues/12891>_)

Add --all-releases and --only-final options to control pre-release and final release selection during package installation. ([#13221](https://github.com/pypa/pip/issues/13221) <https://github.com/pypa/pip/issues/13221>_)

Add --uploaded-prior-to option to only consider packages uploaded prior to a given datetime when the upload-time field is available from a remote index. ([#13625](https://github.com/pypa/pip/issues/13625) <https://github.com/pypa/pip/issues/13625>_)

Add --use-feature inprocess-build-deps to request that build dependencies are installed within the same pip install process. This new mechanism is faster, supports --no-clean and --no-cache-dir reliably, and supports prompting for authentication.

Enabling this feature will also enable --use-feature build-constraints. This feature will become the default in a future pip version. ([#9081](https://github.com/pypa/pip/issues/9081) <https://github.com/pypa/pip/issues/9081>_)

pip cache purge and pip cache remove now clean up empty directories and legacy files left by older pip versions. ([#9058](https://github.com/pypa/pip/issues/9058) <https://github.com/pypa/pip/issues/9058>_)

Bug Fixes

Fix selecting pre-release versions when only pre-releases match. For example, package>1.0 with versions 1.0, 2.0rc1 now installs 2.0rc1 instead of failing. ([#13746](https://github.com/pypa/pip/issues/13746) <https://github.com/pypa/pip/issues/13746>_)

Revisions in version control URLs now must be percent-encoded. For example, use git+https://example.com/repo.git@issue%231 to specify the branch issue#1. If you previously used a branch name containing a % character in a version control URL, you now need to replace it with %25 to ensure correct percent-encoding. ([#13407](https://github.com/pypa/pip/issues/13407) <https://github.com/pypa/pip/issues/13407>_)

Preserve original casing when a path is displayed. ([#6823](https://github.com/pypa/pip/issues/6823) <https://github.com/pypa/pip/issues/6823>_)

Fix bash completion when the $IFS variable has been modified from its default. ([#13555](https://github.com/pypa/pip/issues/13555) <https://github.com/pypa/pip/issues/13555>_)

Precompute Python requirements on each candidate, reducing time of long resolutions. ([#13656](https://github.com/pypa/pip/issues/13656) <https://github.com/pypa/pip/issues/13656>_)

Skip redundant work converting version objects to strings when using the

... (truncated)

Commits

5fe4ea4 Bump for release
bea3cbe windows fix tests
ed22252 News Entry
af13274 Match release control behavior to the same as format control behavior
2f4d4a8 Merge pull request #13779 from notatallshaw/fix-26.0-news
04307a4 fix 26.0 news
6ec7b0a Merge pull request #13775 from notatallshaw/release/26.0
4104356 Bump for release
58be883 Update AUTHORS.txt
66f2dec Merge pull request #13778 from ichard26/docs/groups
Additional commits viewable in compare view

Updates nox from 2025.11.12 to 2026.2.9

Release notes

Sourced from nox's releases.

2026.02.09 ❤️‍🩹

This small release supports uv 0.10's new requirement that --clear be passed to clear an environment. Python 3.8 support was temporarily re-added since uv 0.10 still supports 3.8, so nox on 3.8 was affected.

We'd like to thank the following folks who contributed to this release:

@henryiii

@kai687 (first contribution)

@wu-zhao-min (first contribution)

Bugfixes:

Support uv 0.10.0 by @henryiii in wntrblm/nox#1055

Show tags by @henryiii in wntrblm/nox#1058

Better support for multiple session decorators by @henryiii in wntrblm/nox#1048

Normalize extra tox-to-nox by @henryiii in wntrblm/nox#1059

Better typing for .run by @henryiii in wntrblm/nox#1037

Internal changes:

Fix conda CI job by @henryiii in wntrblm/nox#1035

Drop Python 3.8 by @henryiii in wntrblm/nox#1004 and revert in wntrblm/nox#1060

Fix action test by @henryiii in wntrblm/nox#1036

Bump packaging dep to remove pyparsing by @henryiii in wntrblm/nox#1047

Avoid newest docutils until sphinx-tabs updates by @henryiii in wntrblm/nox#1052

Optimize the naming of constants to enhance readability by @wu-zhao-min in wntrblm/nox#1041

Documentation:

Duplicated session name in cookbook by @kai687 in wntrblm/nox#1050

Changelog

Sourced from nox's changelog.

Changelog

2026.02.09

This small release supports uv 0.10's new requirement that --clear be passed to clear an environment. Python 3.8 support was temporarily re-added since uv 0.10 still supports 3.8, so nox on 3.8 was affected.

We'd like to thank the following folks who contributed to this release:

@henryiii

@kai687 (first contribution)

@wu-zhao-min (first contribution)

Bugfixes:

Support uv 0.10.0 by @henryiii in wntrblm/nox#1055

Show tags by @henryiii in wntrblm/nox#1058

Better support for multiple session decorators by @henryiii in wntrblm/nox#1048

Normalize extra tox-to-nox by @henryiii in wntrblm/nox#1059

Better typing for .run by @henryiii in wntrblm/nox#1037

Internal changes:

Fix conda CI job by @henryiii in wntrblm/nox#1035

Drop Python 3.8 by @henryiii in wntrblm/nox#1004 and revert in wntrblm/nox#1060

Fix action test by @henryiii in wntrblm/nox#1036

Bump packaging dep to remove pyparsing by @henryiii in wntrblm/nox#1047

Avoid newest docutils until sphinx-tabs updates by @henryiii in wntrblm/nox#1052

Optimize the naming of constants to enhance readability by @wu-zhao-min in wntrblm/nox#1041

Documentation:

Duplicated session name in cookbook by @kai687 in wntrblm/nox#1050

Commits

5a277b7 docs: prepare for release (#1061)
90a8aef Revert "feat: drop Python 3.8 (#1004)" (#1060)
264f457 chore: normalize extra (#1059)
516d9bc fix: show tags (#1058)
7207b3f fix: support uv 0.10.0 (#1055)
11eee27 fix: better support for multiple session decorators (#1048)
c72769b docs: duplicated session name in cookbook (#1050)
a0660b1 docs: avoid newest docutils until sphinx-tabs updates (#1052)
f8edf5f fix(types): Better typing for .run (#1037)
5dbd95e chore: optimize the naming of constants to enhance readability (#1041)
Additional commits viewable in compare view

Updates poetry from 2.2.1 to 2.3.2

Release notes

Sourced from poetry's releases.

2.3.2

Changed

Allow dulwich>=1.0 (#10701).

poetry-core (2.3.1)

Fix an issue where platform_release could not be parsed on Windows Server (#911).

2.3.1

Fixed

Fix an issue where cached information about each package was always considered outdated (#10699).

Docs

Document SHELL_VERBOSITY environment variable (#10678).

2.3.0

Added

Add support for exporting pylock.toml files with poetry-plugin-export (#10677).

Add support for specifying build constraints for dependencies (#10388).

Add support for publishing artifacts whose version is determined dynamically by the build-backend (#10644).

Add support for editable project plugins (#10661).

Check requires-poetry before any other validation (#10593).

Validate the content of project.readme when running poetry check (#10604).

Add the option to clear all caches by making the cache name in poetry cache clear optional (#10627).

Automatically update the cache for packages where the locked files differ from cached files (#10657).

Suggest to clear the cache if running a command with --no-cache solves an issue (#10585).

Propose poetry init when trying poetry new for an existing directory (#10563).

Add support for poetry publish --skip-existing for new Nexus OSS versions (#10603).

Show Poetry's own Python's path in poetry debug info (#10588).

Changed

Drop support for Python 3.9 (#10634).

Change the default of installer.re-resolve from true to false (#10622).

PEP 735 dependency groups are considered in the lock file hash (#10621).

Deprecate poetry.utils._compat.metadata, which is sometimes used in plugins, in favor of importlib.metadata (#10634).

Improve managing free-threaded Python versions with poetry python (#10606).

Prefer JSON API to HTML API in legacy repositories (#10672).

When running poetry init, only add the readme field in the pyproject.toml if the readme file exists (#10679).

Raise an error if no hash can be determined for any distribution link of a package (#10673).

Require dulwich>=0.25.0 (#10674).

Fixed

Fix an issue where poetry remove did not work for PEP 735 dependency groups with include-group items (#10587).

Fix an issue where poetry remove caused dangling include-group references in PEP 735 dependency groups (#10590).

... (truncated)

Changelog

Sourced from poetry's changelog.

[2.3.2] - 2026-02-01

Changed

Allow dulwich>=1.0 (#10701).

poetry-core (2.3.1)

Fix an issue where platform_release could not be parsed on Windows Server (#911).

[2.3.1] - 2026-01-20

Fixed

Fix an issue where cached information about each package was always considered outdated (#10699).

Docs

Document SHELL_VERBOSITY environment variable (#10678).

[2.3.0] - 2026-01-18

Added

Add support for exporting pylock.toml files with poetry-plugin-export (#10677).

Add support for specifying build constraints for dependencies (#10388).

Add support for publishing artifacts whose version is determined dynamically by the build-backend (#10644).

Add support for editable project plugins (#10661).

Check requires-poetry before any other validation (#10593).

Validate the content of project.readme when running poetry check (#10604).

Add the option to clear all caches by making the cache name in poetry cache clear optional (#10627).

Automatically update the cache for packages where the locked files differ from cached files (#10657).

Suggest to clear the cache if running a command with --no-cache solves an issue (#10585).

Propose poetry init when trying poetry new for an existing directory (#10563).

Add support for poetry publish --skip-existing for new Nexus OSS versions (#10603).

Show Poetry's own Python's path in poetry debug info (#10588).

Changed

Drop support for Python 3.9 (#10634).

Change the default of installer.re-resolve from true to false (#10622).

PEP 735 dependency groups are considered in the lock file hash (#10621).

Deprecate poetry.utils._compat.metadata, which is sometimes used in plugins, in favor of importlib.metadata (#10634).

Improve managing free-threaded Python versions with poetry python (#10606).

Prefer JSON API to HTML API in legacy repositories (#10672).

When running poetry init, only add the readme field in the pyproject.toml if the readme file exists (#10679).

Raise an error if no hash can be determined for any distribution link of a package (#10673).

Require dulwich>=0.25.0 (#10674).

... (truncated)

Commits

a84cd0f release: bump version to 2.3.2
fb7fe4b [pre-commit.ci] pre-commit autoupdate (#10697)
4a8031f Update to dulwich 1.0.0 (#10701)
f3d239b release: bump version to 2.3.1
6a81e60 fix: ignore different URL in cache staleness check (#10699)
697c170 docs: document SHELL_VERBOSITY environment variable (#10678)
e39f1f1 release: bump version to 2.3.0
c6d3537 env activate: fallback to POSIX compatible builtin (#10696)
ba73d18 chore: update locked dependencies (#10694)
a09b503 chore: update actions (#10693)
Additional commits viewable in compare view

Updates virtualenv from 20.35.4 to 21.1.0

Release notes

Sourced from virtualenv's releases.

21.1.0

What's Changed

add comprehensive type annotations across the entire codebase by @rahuldevikar in pypa/virtualenv#3076

Full Changelog: pypa/virtualenv@21.0.0...21.1.0

21.0.0

What's Changed

♻️ refactor(discovery): extract py_discovery as self-contained package by @gaborbernat in pypa/virtualenv#3070

📝 docs(changelog): add removal entry for python-discovery extraction by @gaborbernat in pypa/virtualenv#3074

Full Changelog: pypa/virtualenv@20.39.1...21.0.0

20.39.1

What's Changed

Align dependency versions across projects by @gaborbernat in pypa/virtualenv#3069

✨ feat(create): add RustPython support by @gaborbernat in pypa/virtualenv#3071

🐛 fix(create): add pythonw3.exe to Windows venvs by @gaborbernat in pypa/virtualenv#3073

Full Changelog: pypa/virtualenv@20.39.0...20.39.1

20.39.0

What's Changed

Move from extras to dependency-groups by @gaborbernat in pypa/virtualenv#3056

🐛 fix(sdist): include tox.toml in sdist by @gaborbernat in pypa/virtualenv#3063

🐛 fix(seed): add --ignore-installed to pip invoke seeder by @gaborbernat in pypa/virtualenv#3064

👷 ci(brew): add missing Homebrew Python versions and fix discovery by @gaborbernat in pypa/virtualenv#3066

🧪 test(discovery): fix test_py_info_cache_clear outside venv by @gaborbernat in pypa/virtualenv#3065

Add architecture (ISA) awareness to Python discovery by @rahuldevikar in pypa/virtualenv#3058

🐛 fix(discovery): resolve version-manager shims to real binaries by @gaborbernat in pypa/virtualenv#3067

Add auto-upgrade workflow for embedded dependencies by @rahuldevikar in pypa/virtualenv#3057

Full Changelog: pypa/virtualenv@20.38.0...20.39.0

20.38.0

What's Changed

... (truncated)

Changelog

Sourced from virtualenv's changelog.

Features - 21.1.0

Add comprehensive type annotations across the entire codebase and ship a PEP 561 py.typed marker so downstream consumers and type checkers recognize virtualenv as an inline-typed package - by :user:rahuldevikar. (:issue:3075)

v21.0.0 (2026-02-25)

Deprecations and Removals - 21.0.0

The Python discovery logic has been extracted into a standalone python-discovery package on PyPI (documentation <https://python-discovery.readthedocs.io/>_) and is now consumed as a dependency. If you previously imported discovery internals directly (e.g. from virtualenv.discovery.py_info import PythonInfo), switch to from python_discovery import PythonInfo. Backward-compatibility re-export shims are provided at virtualenv.discovery.py_info, virtualenv.discovery.py_spec, and virtualenv.discovery.cached_py_info, however these are considered unsupported and may be removed in a future release - by :user:gaborbernat. (:issue:3070)

v20.39.1 (2026-02-25)

Features - 20.39.1

Add support for creating virtual environments with RustPython - by :user:elmjag. (:issue:3010)

v20.39.0 (2026-02-23)

Features - 20.39.0

Automatically resolve version manager shims (pyenv, mise, asdf) to the real Python binary during discovery, preventing incorrect interpreter selection when shims are on PATH - by :user:gaborbernat. (:issue:3049)

Add architecture (ISA) awareness to Python discovery — users can now specify a CPU architecture suffix in the --python spec string (e.g. cpython3.12-64-arm64) to distinguish between interpreters that share the same version and bitness but target different architectures. Uses sysconfig.get_platform() as the data source, with cross-platform normalization (amd64 ↔ x86_64, aarch64 ↔ arm64). Omitting the suffix preserves existing behavior - by :user:rahuldevikar. (:issue:3059)

v20.38.0 (2026-02-19)

Features - 20.38.0

... (truncated)

Commits

404a3e5 release 21.1.0
981d87c add comprehensive type annotations across the entire codebase (#3076)
17d98ba Add security policy
7687420 release 21.0.0
8ec3142 📝 docs(changelog): add removal entry for python-discovery extraction (#3074)
f89d46c ♻️ refactor(discovery): extract py_discovery as self-contained package (#3070)
0272c72 release 20.39.1
b1ca37f 🐛 fix(create): add pythonw3.exe to Windows venvs (#3073)
1d4a338 ✨ feat(create): add RustPython support (#3071)
a10c5d4 Align dependency versions across projects (#3069)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the workflows-dependencies group in /.github/workflows with 4 updates: [pip](https://github.com/pypa/pip), [nox](https://github.com/wntrblm/nox), [poetry](https://github.com/python-poetry/poetry) and [virtualenv](https://github.com/pypa/virtualenv). Updates `pip` from 25.3 to 26.0.1 - [Changelog](https://github.com/pypa/pip/blob/main/NEWS.rst) - [Commits](pypa/pip@25.3...26.0.1) Updates `nox` from 2025.11.12 to 2026.2.9 - [Release notes](https://github.com/wntrblm/nox/releases) - [Changelog](https://github.com/wntrblm/nox/blob/main/CHANGELOG.md) - [Commits](wntrblm/nox@2025.11.12...2026.02.09) Updates `poetry` from 2.2.1 to 2.3.2 - [Release notes](https://github.com/python-poetry/poetry/releases) - [Changelog](https://github.com/python-poetry/poetry/blob/main/CHANGELOG.md) - [Commits](python-poetry/poetry@2.2.1...2.3.2) Updates `virtualenv` from 20.35.4 to 21.1.0 - [Release notes](https://github.com/pypa/virtualenv/releases) - [Changelog](https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst) - [Commits](pypa/virtualenv@20.35.4...21.1.0) --- updated-dependencies: - dependency-name: pip dependency-version: 26.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: workflows-dependencies - dependency-name: nox dependency-version: 2026.2.9 dependency-type: direct:production update-type: version-update:semver-major dependency-group: workflows-dependencies - dependency-name: poetry dependency-version: 2.3.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: workflows-dependencies - dependency-name: virtualenv dependency-version: 21.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: workflows-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Mar 1, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the workflows-dependencies group in /.github/workflows with 4 updates#109

Bump the workflows-dependencies group in /.github/workflows with 4 updates#109
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/dot-github/workflows/workflows-dependencies-60a2b48285

dependabot bot commented on behalf of github Mar 1, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Mar 1, 2026

26.0.1 (2026-02-04)

Bug Fixes

26.0 (2026-01-30)

Deprecations and Removals

Features

Bug Fixes

2026.02.09 ❤️‍🩹

Changelog

2026.02.09

2.3.2

Changed

poetry-core (2.3.1)

2.3.1

Fixed

Docs

2.3.0

Added

Changed

Fixed

[2.3.2] - 2026-02-01

Changed

poetry-core (2.3.1)

[2.3.1] - 2026-01-20

Fixed

Docs

[2.3.0] - 2026-01-18

Added

Changed

21.1.0

What's Changed

21.0.0

What's Changed

20.39.1

What's Changed

20.39.0

What's Changed

20.38.0

What's Changed

Features - 21.1.0

Deprecations and Removals - 21.0.0

Features - 20.39.1

Features - 20.39.0

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

poetry-core (`2.3.1`)

poetry-core (`2.3.1`)