
Deps: Bump the python-packages group with 3 updates #1304

Merged
greenbonebot merged 1 commit into main from dependabot/pip/python-packages-19ea060acf
Mar 9, 2026
dependabot bot commented on behalf of github Mar 9, 2026

Bumps the python-packages group with 3 updates: charset-normalizer, imagesize and ruff.

Updates charset-normalizer from 3.4.4 to 3.4.5

Release notes

Sourced from charset-normalizer's releases.

Version 3.4.5

3.4.5 (2026-03-06)

Changed

  • Update setuptools constraint to setuptools>=68,<=82.
  • Raised upper bound of mypyc for the optional pre-built extension to v1.19.1

Fixed

  • Add explicit link to lib math in our optimized build. (#692)
  • Logger level not restored correctly for empty byte sequences. (#701)
  • TypeError when passing bytearray to from_bytes. (#703)

Misc

  • Applied safe micro-optimizations in both our noise detector and language detector.
  • Rewrote the query_yes_no function (inside CLI) to avoid using ambiguous licensed code.
  • Added cd.py submodule into mypyc optional compilation to reduce further the performance impact.

Warning: mypyc changed the usual binary output for the optimized wheel. Beware, especially if using PyInstaller or alike. See jawah/charset_normalizer#714

Changelog

Sourced from charset-normalizer's changelog.

3.4.5 (2026-03-06)

Changed

  • Update setuptools constraint to setuptools>=68,<=82.
  • Raised upper bound of mypyc for the optional pre-built extension to v1.19.1

Fixed

  • Add explicit link to lib math in our optimized build. (#692)
  • Logger level not restored correctly for empty byte sequences. (#701)
  • TypeError when passing bytearray to from_bytes. (#703)

Misc

  • Applied safe micro-optimizations in both our noise detector and language detector.
  • Rewrote the query_yes_no function (inside CLI) to avoid using ambiguous licensed code.
  • Added cd.py submodule into mypyc optional compilation to reduce further the performance impact.

Commits

  • 7411396 📝 update changelog
  • 8de6012 Merge pull request #713 from jawah/release-3.4.5
  • 39d0fba Merge branch 'master' into release-3.4.5
  • f211d4a ⬆️ Bump actions/upload-artifact from 6.0.0 to 7.0.0 (#707)
  • 9123864 ⬆️ Bump github/codeql-action from 4.32.0 to 4.32.4 (#710)
  • 5cb1f12 ⬆️ Bump actions/download-artifact from 7.0.0 to 8.0.0 (#711)
  • 7e68582 ⬆️ Update setuptools requirement from <=81,>=68 to >=68,<=82.0.0 (#712)
  • e1e2ccb correct cp_similarity ratio ceiling (#704)
  • 209f9ff fix TypeError when passing bytearray to from_bytes (#703)
  • 6a8503f Fix logger level not restored correctly for empty byte sequences (#701)
  • Additional commits viewable in compare view

Updates imagesize from 1.4.1 to 1.5.0

Commits

Updates ruff from 0.15.4 to 0.15.5

Release notes

Sourced from ruff's releases.

0.15.5

Release Notes

Released on 2026-03-05.

Preview features

  • Discover Markdown files by default in preview mode (#23434)
  • [perflint] Extend PERF102 to comprehensions and generators (#23473)
  • [refurb] Fix FURB101 and FURB103 false positives when I/O variable is used later (#23542)
  • [ruff] Add fix for none-not-at-end-of-union (RUF036) (#22829)
  • [ruff] Fix false positive for re.split with empty string pattern (RUF055) (#23634)

Bug fixes

  • [fastapi] Handle callable class dependencies with __call__ method (FAST003) (#23553)
  • [pydocstyle] Fix numpy section ordering (D420) (#23685)
  • [pyflakes] Fix false positive for names shadowing re-exports (F811) (#23356)
  • [pyupgrade] Avoid inserting redundant None elements in UP045 (#23459)

Documentation

  • Document extension mapping for Markdown code formatting (#23574)
  • Update default Python version examples (#23605)

Other changes

  • Publish releases to Astral mirror (#23616)

Contributors

Install ruff 0.15.5

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/ruff/releases/download/0.15.5/ruff-installer.sh | sh

Install prebuilt binaries via powershell script

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.5

Released on 2026-03-05.

Preview features

  • Discover Markdown files by default in preview mode (#23434)
  • [perflint] Extend PERF102 to comprehensions and generators (#23473)
  • [refurb] Fix FURB101 and FURB103 false positives when I/O variable is used later (#23542)
  • [ruff] Add fix for none-not-at-end-of-union (RUF036) (#22829)
  • [ruff] Fix false positive for re.split with empty string pattern (RUF055) (#23634)

Bug fixes

  • [fastapi] Handle callable class dependencies with __call__ method (FAST003) (#23553)
  • [pydocstyle] Fix numpy section ordering (D420) (#23685)
  • [pyflakes] Fix false positive for names shadowing re-exports (F811) (#23356)
  • [pyupgrade] Avoid inserting redundant None elements in UP045 (#23459)

Documentation

  • Document extension mapping for Markdown code formatting (#23574)
  • Update default Python version examples (#23605)

Other changes

  • Publish releases to Astral mirror (#23616)

Contributors

Commits

  • 5e4a3d9 Bump 0.15.5 (#23743)
  • 69c23cc [ty] Render all changed diagnostics in conformance.py (#23613)
  • 4926bd5 [ty] Split deferred checks out of types/infer/builder.rs (#23740)
  • 9a70f5e Discover markdown files by default in preview mode (#23434)
  • 3dc78b0 [ty] Use HasOptionalDefinition for except handlers (#23739)
  • a6a5e8d [ty] Fix precedence of all selector in TOML configurations (#23723)
  • 2a5384b [ty] Make all selector case sensitive (#23713)
  • db77d7b [ty] Add a diagnostic if a TypeVar is used to specialize a ParamSpec, or ...
  • db28490 [ty] Override home directory in ty tests (#23724)
  • 5f0fd91 [ty] More type-variable default validation (#23639)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.



Bumps the python-packages group with 3 updates: [charset-normalizer](https://github.com/jawah/charset_normalizer), [imagesize](https://github.com/shibukawa/imagesize_py) and [ruff](https://github.com/astral-sh/ruff).


Updates `charset-normalizer` from 3.4.4 to 3.4.5
- [Release notes](https://github.com/jawah/charset_normalizer/releases)
- [Changelog](https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md)
- [Commits](jawah/charset_normalizer@3.4.4...3.4.5)

Updates `imagesize` from 1.4.1 to 1.5.0
- [Commits](shibukawa/imagesize_py@1.4.1...1.5.0)

Updates `ruff` from 0.15.4 to 0.15.5
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.4...0.15.5)

---
updated-dependencies:
- dependency-name: charset-normalizer
  dependency-version: 3.4.5
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: python-packages
- dependency-name: imagesize
  dependency-version: 1.5.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: ruff
  dependency-version: 0.15.5
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: python-packages
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added the dependencies (Pull requests that update a dependency file) and python (Pull requests that update Python code) labels Mar 9, 2026
dependabot bot requested review from a team as code owners March 9, 2026 04:10
greenbonebot enabled auto-merge (rebase) March 9, 2026 04:11

github-actions bot commented Mar 9, 2026

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 2 package(s) with unknown licenses.
See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA f6fe4da.
Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

poetry.lock

| Package | Version | License | Issue Type |
|---|---|---|---|
| charset-normalizer | 3.4.5 | Null | Unknown License |
| ruff | 0.15.5 | Null | Unknown License |

Allowed Licenses: 0BSD, AGPL-3.0-or-later, Apache-2.0, BlueOak-1.0.0, BSD-2-Clause, BSD-3-Clause-Clear, BSD-3-Clause, BSL-1.0, bzip2-1.0.6, CAL-1.0, CC-BY-3.0, CC-BY-4.0, CC-BY-SA-4.0, CC0-1.0, EPL-2.0, GPL-1.0-or-later, GPL-2.0-only, GPL-2.0-or-later, GPL-2.0, GPL-3.0-only, GPL-3.0-or-later, GPL-3.0, ISC, LGPL-2.0-only, LGPL-2.0-or-later, LGPL-2.1-only, LGPL-2.1-or-later, LGPL-2.1, LGPL-3.0-only, LGPL-3.0, LGPL-3.0-or-later, MIT, MIT-CMU, MPL-1.1, MPL-2.0, OFL-1.1, PSF-2.0, Python-2.0, Python-2.0.1, Unicode-3.0, Unicode-DFS-2016, Unlicense, Zlib, ZPL-2.1

OpenSSF Scorecard

| Package | Version | Score | Details |
|---|---|---|---|
| pip/charset-normalizer | 3.4.5 | Unknown | Unknown |
| pip/imagesize | 1.5.0 | 🟢 3.8 | Details |
| pip/ruff | 0.15.5 | Unknown | Unknown |

Details for pip/imagesize 1.5.0:

| Check | Score | Reason |
|---|---|---|
| Code-Review | ⚠️ 0 | Found 0/15 approved changesets -- score normalized to 0 |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Maintained | 🟢 10 | 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 |
| Packaging | ⚠️ -1 | packaging workflow not detected |
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions |
| Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0 |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| Security-Policy | ⚠️ 0 | security policy file not detected |
| License | 🟢 10 | license file detected |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| Signed-Releases | ⚠️ -1 | no releases found |
| Branch-Protection | ⚠️ 0 | branch protection not enabled on development/release branches |
| SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0 |

Scanned Files

  • poetry.lock

github-actions bot commented Mar 9, 2026

Conventional Commits Report

Type Number
Dependencies 1

🚀 Conventional commits found.

greenbonebot merged commit 5afc7d3 into main Mar 9, 2026
26 checks passed
greenbonebot deleted the dependabot/pip/python-packages-19ea060acf branch March 9, 2026 07:39