| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
## Symptom
The v0.3.0 publish workflow failed at the Docker image pull step:
> docker: Error response from daemon: manifest unknown
>
ghcr.io/pypa/gh-action-pypi-publish:6733eb7d741f0b11ec6a39b58540dab7590f9b7d
PyPI upload didn't happen. v0.3.0 tag and GitHub release exist, but the
package is not yet on PyPI.
## Root cause
#35 pinned `pypa/gh-action-pypi-publish` to
`6733eb7d741f0b11ec6a39b58540dab7590f9b7d`. That's the **tag-object
SHA** for v1.14.0, not the **commit SHA** the tag points to. Annotated
tags have their own SHA which dereferences to a commit, and I used
`.object.sha` from `git/refs/tags/v1.14.0` directly without checking
`.object.type` (which was `tag`, not `commit`).
The actual v1.14.0 commit SHA is
`cef221092ed1bacb1cc03d23a2d87d1d172e277b` (verified by following the
tag object, and cross-checked against `refs/heads/release/v1` which
points at the same commit).
Docker images for the publish action are tagged with the *commit* SHA,
not the tag-object SHA, hence "manifest unknown."
## Fix
Two changes to `.github/workflows/python-publish.yml`:
1. SHA bump: `6733eb7d…` → `cef221092…` (still v1.14.0, just the right
SHA this time).
2. Add `workflow_dispatch:` trigger so we can manually re-run publish
after merge without deleting/recreating the release.
## After merge
Run `gh workflow run python-publish.yml` to dispatch the fixed workflow
against `main`. The package contents are identical to what's at the
v0.3.0 tag (we only changed the workflow file), so PyPI gets
`edify==0.3.0` as intended.
Closes #52
|
|
#35 pinned `pypa/gh-action-pypi-publish` to
`6733eb7d741f0b11ec6a39b58540dab7590f9b7d`, which is the **tag
object** SHA for v1.14.0, not the commit it points to. The publish
action's Docker image is built per commit SHA, so pulling
`ghcr.io/pypa/gh-action-pypi-publish:6733eb7d...` failed with
"manifest unknown" and the v0.3.0 PyPI upload never happened.
The actual v1.14.0 commit SHA is
`cef221092ed1bacb1cc03d23a2d87d1d172e277b` (the tag object
dereferences to it, and `refs/heads/release/v1` agrees).
Also adding `workflow_dispatch:` trigger so we can re-run publish
without deleting/recreating the GitHub release. The release-only
trigger left us with no path to retry after the failure.
Closes #52
|
|
## Summary
One-line change: `0.3.0 (unreleased)` → `0.3.0 (2026-04-29)`. Stamps the
changelog with the release date so it's ready to be the body of the
GitHub release we cut after this lands.
No metadata changes — version was bumped to 0.3.0 in #45 and has been
parked there since. This is purely the changelog header date.
## After merge
1. Sync `main` locally.
2. Create GitHub release tagged `v0.3.0` with the relevant changelog
section as release notes.
3. The `Upload Python Package` workflow runs on `release: published` and
uploads to PyPI via the existing `PYPI_API_TOKEN` secret.
4. Confirm `edify==0.3.0` is live on PyPI.
Closes #50
|
|
Stamp the changelog header with today's date in preparation for
tagging v0.3.0. No metadata changes — version was already set to
0.3.0 in #45; this just dates the entry so the release notes are
ready when we cut the tag.
Closes #50
|
|
## Summary
RTD has been failing the build pipeline for `latest` because the PDF
format can't be produced. HTML and htmlzip succeed; PDF fails on
`pdflatex`'s inability to render the README's SVG badges or the IPA
Unicode in the project pronunciation, leaves a damaged output, and RTD's
uploader refuses with *"Build output directory for format 'pdf' contains
multiple files."*
This drops the `formats: all` line from `.readthedocs.yml`, which
defaults RTD back to HTML-only.
Re-introducing PDF would require switching the LaTeX engine to
`xelatex`/`lualatex` and hiding every README badge behind `.. only::
html` directives, with the standing risk that any new badge or non-ASCII
character re-breaks it. PDFs of a regex-builder library aren't worth
that maintenance bill.
If the htmlzip download specifically is missed, that's a one-line
follow-up: `formats: [htmlzip]`.
Closes #48
|
|
RTD's PDF format was failing because:
1. README.rst's SVG badges can't be embedded by pdflatex
(`Unknown graphics extension: .svg` x 8).
2. The IPA pronunciation `/ˈɛdɪfaɪ/` uses Unicode codepoints not
set up for use with pdflatex (would need xelatex/lualatex).
`latexmk` exited 12, leaving a damaged `edify.pdf` plus aux files in
the output directory; RTD's uploader then refused with "Build output
directory for format 'pdf' contains multiple files."
Removing `formats: all` from `.readthedocs.yml` defaults RTD to HTML
only. PDFs of a regex-builder library aren't worth the maintenance
cost — fixing them would require switching the LaTeX engine and
hiding every badge behind `.. only:: html` directives, with the
guarantee that any new badge or Unicode glyph re-breaks it.
Closes #48
|
|
## Summary
The repo was bootstrapped from `cookiecutter-pylibrary`. The
regeneration scaffolding has been sitting around since then — unused,
out of date, and in some cases pointing at infrastructure (AppVeyor)
that hasn't been part of CI for years. This PR knocks it all down in one
sweep so nothing dead-by-design remains in the tree.
10 files changed, **+13 / -314**.
## Removed
- `.cookiecutterrc` — cookiecutter regen metadata.
- `ci/bootstrap.py` — entry point for regenerating workflow files from
the templates.
- `ci/templates/` (whole directory):
- `.appveyor.yml` template — AppVeyor isn't wired up.
- `.github/workflows/github-actions.yml` Jinja template — the live
workflow has evolved past it via #32, #35, #37.
## Coupled updates
- `tox.ini` — dropped the `[testenv:bootstrap]` env (calls deleted
`bootstrap.py`) and the `bootstrap` reference in the basepython
selector.
- `MANIFEST.in` — removed `include .cookiecutterrc`.
- `setup.cfg` — removed `ci/templates` from the flake8 `exclude` and
isort `skip` lists.
- `.pre-commit-config.yaml` — removed `ci/templates` from the top-level
`exclude` regex.
- `tests.local.sh` — replaced the per-version `if/elif` chain (which
still listed Python 3.7 and missed 3.12-3.14) with a single programmatic
`tox -e py$VERSION` lookup against `tox --listenvs-all`.
Self-maintaining when the matrix changes.
- `CHANGELOG.rst` — added a Housekeeping bullet for this PR under `0.3.0
(unreleased)`.
## Live and untouched
`ci/requirements.txt` is installed by every CI workflow (`pip install -r
ci/requirements.txt`). Not regen-related.
After this lands there should be **no dead infra** left in the tree.
Closes #46
|
|
The repo was bootstrapped from `cookiecutter-pylibrary`. The
regeneration scaffolding has been sitting around since then — unused,
out of date, and in some cases pointing at infrastructure (AppVeyor)
that hasn't been part of CI for years. Knock it all down in one
sweep so there's nothing dead-by-design in the tree after this PR.
Removed
- `.cookiecutterrc` — cookiecutter regen metadata.
- `ci/bootstrap.py` — entry point for regenerating workflow files
from the templates.
- `ci/templates/` (whole directory):
- `.appveyor.yml` template (AppVeyor isn't wired up).
- `.github/workflows/github-actions.yml` Jinja template (the live
workflow has evolved past it via #32, #35, #37).
Coupled updates
- `tox.ini`: dropped the `[testenv:bootstrap]` env (calls deleted
`bootstrap.py`) and the `bootstrap` reference in the basepython
selector.
- `MANIFEST.in`: removed `include .cookiecutterrc`.
- `setup.cfg`: removed `ci/templates` from the flake8 `exclude` and
isort `skip` lists (dead exclusion paths).
- `.pre-commit-config.yaml`: removed `ci/templates` from the
top-level `exclude` regex.
- `tests.local.sh`: replaced the per-version `if/elif` chain (which
still listed Python 3.7 and missed 3.12-3.14) with a single
programmatic `tox -e py$VERSION` lookup against
`tox --listenvs-all`. Self-maintaining when the matrix changes.
- `CHANGELOG.rst`: added a Housekeeping bullet for this PR.
Live and untouched
- `ci/requirements.txt` is still installed by every CI workflow
(`pip install -r ci/requirements.txt`). Not regen-related.
Closes #46
|
|
Park the metadata at 0.3.0. This is not the release — the changelog
header stays "(unreleased)" and we'll swap in a date when we actually
tag.
- setup.py, docs/conf.py, src/edify/__init__.py, .bumpversion.cfg:
0.2.2 -> 0.3.0.
- README.rst: bump both `commits-since/v0.2.2` shields to v0.3.0.
The shield will 404 until v0.3.0 is tagged, which is an accepted
trade-off for keeping `bumpversion` config consistent.
- CHANGELOG.rst: replace Copilot's stub `Unreleased` heading with a
real `0.3.0 (unreleased)` entry covering everything since 0.2.2 —
Python 3.7 drop (#32), 3.12/3.13/3.14 support and RTD updates
(#31), GitHub Actions and PyPy and pre-commit modernization
(#33, #35, #37), dependency floor bumps (#25-#29), repo
infrastructure (#39), and housekeeping (#41, #43).
- docs/conf.py: fix `extlinks` caption format. The old style — a bare
prefix string like 'PR #' — was deprecated in Sphinx 5 and removed
in Sphinx 6, but the bug stayed latent because no existing
CHANGELOG entry actually used the `:pr:` or `:issue:` roles. The
new changelog uses `:pr:` for every cross-reference, which is what
surfaced the breakage in the docs CI job. Updated both captions to
the modern `'PR #%s'` / `'#%s'` form.
Closes #44
|
|
Two unrelated-but-tiny housekeeping items:
- ci/templates/.github/workflows/github-actions.yml: the cookiecutter
template still wrapped the matrix loop in
`{% if prefix not in ['py37', 'pypy37'] %}`. Those tox envs were
removed from `envlist` in #32, so the loop never visits them and the
guard never fires. Dead Jinja, removed.
- docs/conf.py: copyright year was hardcoded to '2022', which Sphinx
was happily rendering as the docs footer in 2026. Bumped to a
'2022-2026' span.
Closes #42
|
|
Bobby's personal website moved from `thatcomputerscientist.com`
to `shi.foo`. Two files held the old URL:
- `AUTHORS.rst`: author line
- `.cookiecutterrc`: `website:` field used by the cookiecutter
template that originally generated this project
natsuoto's entry in AUTHORS (added in #39) is unaffected.
Closes #40
|
|
Two pieces of collaboration infrastructure:
- `.github/CODEOWNERS`: a single `* @luciferreeves` rule. Combined with
the "Require review from Code Owners" branch-protection rule on
`main`, every PR will auto-request Bobby as reviewer and cannot
merge without his approval.
- `AUTHORS.rst`: add `natsuoto`, the agent identity that has authored
every commit from #32 onward.
Closes #38
|
|
## Summary
Our CI was the only PyPy line tested was `pypy-3.8`, which reached
end-of-life in October 2024 (last release December 2022). Replace it
with the actively maintained PyPy lines.
## State per upstream
Source: https://downloads.python.org/pypy/versions.json
| PyPy line | Last stable | Status |
|---|---|---|
| `pypy-3.8` | 2022-12-29 | **EOL** |
| `pypy-3.9` | 2024-04-24 | Effectively EOL — no releases in ~2 years |
| `pypy-3.10` | 2025-02-26 | Maintained |
| `pypy-3.11` | 2026-03-13 | Current stable |
## Changes
- **`tox.ini`** — `envlist`: `pypy38` → `pypy310, pypy311`. Same swap in
the `basepython` block.
- **`.github/workflows/github-actions.yml`** — 3 `pypy38` matrix entries
removed, 6 new entries added (`pypy310` and `pypy311`, each across
`ubuntu-latest`, `windows-latest`, `macos-latest`), mirroring the
existing CPython 3-OS pattern.
`pypy-3.9` is intentionally skipped — its last release was April 2024
with no signal of ongoing maintenance, so testing it would just inherit
the same stale-CI problem we're fixing.
`setup.py` classifiers don't enumerate PyPy minor versions (only
`Implementation :: PyPy`), so no metadata change is needed there.
The Jinja template at
`ci/templates/.github/workflows/github-actions.yml` still has a
`['py37', 'pypy37']` exclusion that's now dead code (those envs have
been gone since #32). Cleaning the template is out of scope for this PR.
Closes #36
|
|
PyPy 3.8 reached end-of-life in October 2024 and was the only PyPy
line we tested. PyPy 3.9's last release was April 2024 and is
effectively EOL too. Per upstream (downloads.python.org/pypy):
- pypy-3.10 last release 2025-02-26 (maintained)
- pypy-3.11 last release 2026-03-13 (current stable)
Drop pypy38 jobs and replace with pypy310 and pypy311, mirroring the
existing 3-OS pattern (ubuntu, windows, macos).
- tox.ini: envlist swap pypy38 -> pypy310, pypy311; same swap in the
basepython block.
- .github/workflows/github-actions.yml: 3 pypy38 jobs out, 6 new ones
(2 versions x 3 OSes) in the matrix include list.
setup.py classifiers don't enumerate PyPy minor versions
(`Implementation :: PyPy`), so no metadata change needed.
Closes #36
|
|
## Summary
Pure version bumps for the four GitHub Actions referenced under
`.github/workflows/`. No behavior change — actions are pinned to current
majors (or the current SHA, in the case of the third-party publish
action).
| File | Action | Before | After |
|---|---|---|---|
| `github-actions.yml`, `coverage.yml`, `python-publish.yml`,
`codeql-analysis.yml` | `actions/checkout` | `@v3` | `@v5` |
| `github-actions.yml`, `coverage.yml`, `python-publish.yml` |
`actions/setup-python` | `@v3` | `@v5` |
| `codeql-analysis.yml` |
`github/codeql-action/{init,autobuild,analyze}` | `@v2` | `@v3` |
| `python-publish.yml` | `pypa/gh-action-pypi-publish` | old SHA |
`v1.14.0` SHA + version comment |
## Why now
The `@v3` actions ran on the **Node 16 runtime**, which reached
end-of-life in 2023 and is on borrowed time on GitHub-hosted runners.
`@v5` (and `codeql-action @v3`) all use Node 20, the current supported
runtime. We were also missing security/bug fixes shipped in newer
majors.
## Conventions used
- First-party actions (`actions/*`, `github/*`) → floating major-version
tag (`@v5`, `@v3`). Standard for first-party, low supply-chain risk.
- Third-party action (`pypa/gh-action-pypi-publish`) → stays SHA-pinned
for supply-chain safety. The trailing `# v1.14.0` comment makes the
human-readable version visible without sacrificing the immutable pin.
Closes #34
|
|
Pure version bumps; workflow behavior is unchanged.
- actions/checkout v3 -> v5
- actions/setup-python v3 -> v5
- github/codeql-action/{init,autobuild,analyze} v2 -> v3
- pypa/gh-action-pypi-publish SHA-pinned -> v1.14.0 SHA, with
trailing version comment for human readability
The @v3 actions ran on the deprecated Node 16 runtime; @v5 (and
codeql-action @v3) all use Node 20, the current GitHub-supported
runtime. Third-party pypa publish action stays SHA-pinned for
supply-chain safety.
Closes #34
|
|
## Summary
`.pre-commit-config.yaml` was broken on three fronts. This PR fixes all
of them.
### What was wrong
1. **`rev: main` / `rev: master`** — modern pre-commit rejects floating
refs and requires immutable tags (or a SHA) so hook versions are
reproducible across contributors. Every hook in the file had this.
2. **Dead repo URLs.**
- `gitlab.com/pycqa/flake8` was archived years ago. `flake8` now lives
at [`github.com/PyCQA/flake8`](https://github.com/PyCQA/flake8).
- `timothycrosley/isort` was renamed to
[`PyCQA/isort`](https://github.com/PyCQA/isort) and the old org redirect
can't be relied on for hooks.
3. **`psf/black`** still works, but the upstream-recommended hook source
is now
[`psf/black-pre-commit-mirror`](https://github.com/psf/black-pre-commit-mirror),
which ships without black's full dependency tree → significantly faster
hook installs.
### Pinned versions
| Hook | Old | New |
|---|---|---|
| `pre-commit/pre-commit-hooks` | `main` | `v6.0.0` |
| `PyCQA/isort` (was `timothycrosley/isort`) | `main` | `8.0.1` |
| `psf/black-pre-commit-mirror` (was `psf/black`) | `main` | `26.3.1` |
| `PyCQA/flake8` (was `gitlab.com/pycqa/flake8`) | `master` | `7.3.0` |
All four are the latest stable releases as of this PR.
## Notes
- Hooks run in pre-commit's own isolated venvs, so the linter Pythons
don't have to match the project's `python_requires=>=3.8` floor.
- The existing `[flake8]` config in `setup.cfg` (`max-line-length =
140`, exclusions) is unchanged and still applies.
- pre-commit.ci was discussed but intentionally left out of this PR to
keep scope narrow. Easy follow-up if we want it.
## Test plan
- [ ] CI `check` env still passes (it runs `flake8` and `isort
--check-only` directly via tox, not via pre-commit, so this PR shouldn't
affect it).
- [ ] `pre-commit run --all-files` works locally on a fresh checkout
(hooks install from the new revs).
|
|
The pre-commit config was broken on three fronts:
- `rev: main` / `rev: master` is rejected by modern pre-commit, which
requires immutable tags (or a SHA) so hook versions are reproducible.
- `gitlab.com/pycqa/flake8` was archived years ago. flake8 now lives at
`github.com/PyCQA/flake8`.
- `timothycrosley/isort` was renamed to `PyCQA/isort` and the old path
no longer resolves reliably.
Pin every hook to its current latest release and replace `psf/black` with
`psf/black-pre-commit-mirror`, the upstream-recommended mirror that ships
without black's full dependency tree (faster hook installs).
- pre-commit/pre-commit-hooks → v6.0.0
- PyCQA/isort → 8.0.1
- psf/black-pre-commit-mirror → 26.3.1
- PyCQA/flake8 → 7.3.0
|
|
## Summary
Python 3.7 reached end-of-life on 2023-06-27. Copilot dropped 3.7 from
the CI matrix in #30 but left the rest of the project metadata pointing
at it. This PR finishes the job so 3.8 is the consistent floor
everywhere.
## Changes
- [`setup.py`](../blob/drop-python-3.7-support/setup.py): drop the
`Programming Language :: Python :: 3.7` classifier and bump
`python_requires` to `>=3.8`.
- [`pyproject.toml`](../blob/drop-python-3.7-support/pyproject.toml):
bump black `target-version` to `py38`.
- [`tox.ini`](../blob/drop-python-3.7-support/tox.ini): drop the `py37`
and `pypy37` envs from `envlist` and their `basepython` entries.
- [`README.rst`](../blob/drop-python-3.7-support/README.rst): update the
quick-start to "Python 3.8-3.14".
-
[`ci/templates/.appveyor.yml`](../blob/drop-python-3.7-support/ci/templates/.appveyor.yml):
bump the `check` env from Python 3.6 → 3.8 so the template's floor
matches the project's. Template only — not currently rendered into a
live AppVeyor config.
PyPy 3.8 is end-of-life as of October 2024, but I've intentionally left
it in this PR so the diff stays scoped to "drop 3.7." It will be cleaned
up in a follow-up PR that refreshes the PyPy CI matrix.
**BREAKING CHANGE:** Edify now requires Python 3.8 or newer. The next
release will be `0.3.0`.
## Test plan
- [ ] CI matrix passes on all of py38, py39, py310, py311, py312, py313,
py314, and pypy38.
- [ ] `check` and `docs` tox envs pass.
|
|
3.7 reached end-of-life on 2023-06-27. Copilot dropped 3.7 from the CI
matrix in #30 but left the rest of the metadata pointing at it.
- setup.py: drop the 3.7 classifier and bump `python_requires` to >=3.8
- pyproject.toml: bump black `target-version` to py38
- tox.ini: drop `py37` and `pypy37` envs and basepython entries
- README.rst: bump quick-start Python range to 3.8-3.14
- ci/templates/.appveyor.yml: bump the `check` env from Python 3.6 to 3.8
to keep the floor consistent (template only, not currently rendered)
BREAKING CHANGE: Edify now requires Python 3.8 or newer.
|
|
## Summary
- note Python 3.7-3.14 support in the README
- add an Unreleased changelog entry for 3.14 support and RTD config
updates
- add Read the Docs build configuration with explicit OS/Python settings
## Testing
- tox -e check,docs,py312 *(fails: sphinx linkcheck cannot resolve
external URLs in this environment)*
|
|
Agent-Logs-Url: https://github.com/luciferreeves/edify/sessions/2225fc94-db6d-4e8e-a836-dcf75baa47c8
Co-authored-by: luciferreeves <[email protected]>
|
|
- [x] Fix `pyproject.toml` setuptools pin (>=75.0)
- [x] Change macOS runner from macos-13 → macos-latest
- [x] Fix remaining macOS failures: remove `python_arch: x64` from all
macOS matrix entries (dyld/libintl error on ARM runners)
- [x] Add Python 3.12, 3.13, 3.14 to `tox.ini` envlist and basepython
- [x] Add py312/313/314 matrix entries (ubuntu, windows, macos) in
workflow
- [x] Add classifiers for 3.12, 3.13, 3.14 in `setup.py`
- [x] Update Jinja template to fix macOS `python_arch` and support new
versions
<!-- START COPILOT ORIGINAL PROMPT -->
<details>
<summary>Original prompt</summary>
> Repo: luciferreeves/edify
>
> Goal: Fix failing GitHub Actions build job where
`actions/setup-python` cannot find Python 3.7 x64 (error: "Version 3.7
with arch x64 not found").
>
> Context:
> - Failing workflow: `.github/workflows/github-actions.yml` at ref
`e793aec73c03266d6952fb5bc901229e69814809`.
> - The matrix includes CPython 3.7 jobs (`py37 (ubuntu/windows/macos)`)
and PyPy 3.7 jobs (`pypy37 (ubuntu/windows/macos)`), which may fail
similarly.
>
> Tasks:
> 1) Update `.github/workflows/github-actions.yml` to ensure CI passes
on GitHub-hosted runners.
> - Remove or disable Python 3.7 jobs across all OSes.
> - Also remove/disable PyPy 3.7 jobs if present to avoid future similar
failures.
> - Keep the rest of the matrix intact (3.8, 3.9, 3.10, 3.11, check,
docs, pypy38).
> 2) If there is a templated workflow at
`ci/templates/.github/workflows/github-actions.yml`, update it
consistently so regeneration won’t reintroduce 3.7 entries.
> 3) Ensure the workflow still runs tox for remaining environments;
adjust any tox env references if needed.
> 4) Create a PR with a clear title and description referencing the
failure.
>
> Notes:
> - Do not assume default branch name; let tooling pick.
> - Ensure changes apply to "all builds" (i.e., all OS matrix entries)
by removing 3.7 variants everywhere.
>
>
> The following is the prior conversation context from the user's chat
exploration (may be truncated):
>
> User: Please find a solution for this failing job. Use the logs, job
definition, and any referenced files where the failure occurred. Keep
your response focused on the solution and include code suggestions when
appropriate.
>
> Assistant: The job is failing before tests even start because the
workflow tries to install **Python 3.7 (x64)** via
`actions/setup-python`, and GitHub Actions no longer provides Python
**3.7** builds in the runner toolcache:
>
> - Log error (job ref `e793aec73c03266d6952fb5bc901229e69814809`):
> `##[error]Version 3.7 with arch x64 not found`
>
> ### Fix (recommended): Stop testing on Python 3.7 in GitHub Actions
> Update the matrix in `.github/workflows/github-actions.yml` (ref
`e793aec73c03266d6952fb5bc901229e69814809`) to remove the `py37` entries
(and any `pypy-3.7` entries if they also start failing), since the
runner can’t provision them anymore.
>
> **Edit:**
`https://github.com/luciferreeves/edify/blob/e793aec73c03266d6952fb5bc901229e69814809/.github/workflows/github-actions.yml`
>
> Remove these blocks:
>
> ```yaml
> - name: 'py37 (ubuntu)'
> python: '3.7'
> toxpython: 'python3.7'
> python_arch: 'x64'
> tox_env: 'py37'
> os: 'ubuntu-latest'
>
> - name: 'py37 (windows)'
> python: '3.7'
> toxpython: 'python3.7'
> python_arch: 'x64'
> tox_env: 'py37'
> os: 'windows-latest'
>
> - name: 'py37 (macos)'
> python: '3.7'
> toxpython: 'python3.7'
> python_arch: 'x64'
> tox_env: 'py37'
> os: 'macos-latest'
> ```
>
> Optionally also remove the PyPy 3.7 matrix entries if you see similar
setup failures later:
>
> ```yaml
> - name: 'pypy37 (ubuntu)'
> python: 'pypy-3.7'
> # ...
> - name: 'pypy37 (windows)'
> python: 'pypy-3.7'
> # ...
> - name: 'pypy37 (macos)'
> python: 'pypy-3.7'
> # ...
> ```
>
> ### Alternative (if you must keep 3.7 coverage): move 3.7 to a
different CI strategy
> If Python 3.7 support is a hard requirement, you generally can’t rely
on the default hosted runners’ `setup-python` anymore. Common approaches
are:
> - run 3.7 tests in a **Docker container** (Linux) that has Python 3.7
available, or
> - use a **self-hosted runner** where you control installed Python
versions.
>
> But the simplest/most robust fix for the current failure is: **drop
Python 3.7 from the GitHub Actions matrix**.
>
> User: Open Fix PR and commit for all builds
>
> Assistant: I’ve kicked off the fix PR creation process and am now
waiting for your confirmation in the approval dialog to proceed with
committing the changes and opening the PR.
>
>
</details>
<!-- START COPILOT CODING AGENT SUFFIX -->
*This pull request was created from Copilot chat.*
>
|
|
Agent-Logs-Url: https://github.com/luciferreeves/edify/sessions/16418662-2de9-4625-aad9-e9fc6cecb1c5
Co-authored-by: luciferreeves <[email protected]>
|
|
CI jobs
Agent-Logs-Url: https://github.com/luciferreeves/edify/sessions/8d8a009c-758c-4ab2-b58c-3fc7b67455a9
Co-authored-by: luciferreeves <[email protected]>
|
|
Agent-Logs-Url: https://github.com/luciferreeves/edify/sessions/d523264f-a40b-4cb6-883b-568d6c65cace
Co-authored-by: luciferreeves <[email protected]>
|
|
Agent-Logs-Url: https://github.com/luciferreeves/edify/sessions/e7f51b79-93cc-48ac-bcc0-db3ca7b27a85
Co-authored-by: luciferreeves <[email protected]>
|
|
Agent-Logs-Url: https://github.com/luciferreeves/edify/sessions/84345a0f-6985-4c88-99ec-f3b073ec18e1
Co-authored-by: luciferreeves <[email protected]>
|
|
|
|
[//]: # (dependabot-start)
⚠️ **Dependabot is rebasing this PR** ⚠️
Rebasing might not happen immediately, so don't worry if this takes some
time.
Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.
---
[//]: # (dependabot-end)
Updates the requirements on [pip](https://github.com/pypa/pip) to permit
the latest version.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's
changelog</a>.</em></p>
<blockquote>
<h1>26.0.1 (2026-02-04)</h1>
<h2>Bug Fixes</h2>
<ul>
<li>Fix <code>--pre</code> not being respected from the command line
when a requirement file
includes an option e.g. <code>-extra-index-url</code>.
(<code>[#13788](https://github.com/pypa/pip/issues/13788)
<https://github.com/pypa/pip/issues/13788></code>_)</li>
</ul>
<h1>26.0 (2026-01-30)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Remove support for non-bare project names in egg fragments. Affected
users should use
the <code>Direct URL requirement syntax
<https://packaging.python.org/en/latest/specifications/version-specifiers/#direct-references></code><em>.
(<code>[#13157](https://github.com/pypa/pip/issues/13157)
<https://github.com/pypa/pip/issues/13157></code></em>)</li>
</ul>
<h2>Features</h2>
<ul>
<li>
<p>Display pip's command-line help in colour, if possible.
(<code>[#12134](https://github.com/pypa/pip/issues/12134)
<https://github.com/pypa/pip/issues/12134></code>_)</p>
</li>
<li>
<p>Support installing dependencies declared with inline script metadata
(:pep:<code>723</code>) with <code>--requirements-from-script</code>.
(<code>[#12891](https://github.com/pypa/pip/issues/12891)
<https://github.com/pypa/pip/issues/12891></code>_)</p>
</li>
<li>
<p>Add <code>--all-releases</code> and <code>--only-final</code> options
to control pre-release
and final release selection during package installation.
(<code>[#13221](https://github.com/pypa/pip/issues/13221)
<https://github.com/pypa/pip/issues/13221></code>_)</p>
</li>
<li>
<p>Add <code>--uploaded-prior-to</code> option to only consider packages
uploaded prior to
a given datetime when the <code>upload-time</code> field is available
from a remote index.
(<code>[#13625](https://github.com/pypa/pip/issues/13625)
<https://github.com/pypa/pip/issues/13625></code>_)</p>
</li>
<li>
<p>Add <code>--use-feature inprocess-build-deps</code> to request that
build dependencies are installed
within the same pip install process. This new mechanism is faster,
supports <code>--no-clean</code>
and <code>--no-cache-dir</code> reliably, and supports prompting for
authentication.</p>
<p>Enabling this feature will also enable <code>--use-feature
build-constraints</code>. This feature will
become the default in a future pip version.
(<code>[#9081](https://github.com/pypa/pip/issues/9081)
<https://github.com/pypa/pip/issues/9081></code>_)</p>
</li>
<li>
<p><code>pip cache purge</code> and <code>pip cache remove</code> now
clean up empty directories
and legacy files left by older pip versions.
(<code>[#9058](https://github.com/pypa/pip/issues/9058)
<https://github.com/pypa/pip/issues/9058></code>_)</p>
</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Fix selecting pre-release versions when only pre-releases match.
For example, <code>package>1.0</code> with versions <code>1.0,
2.0rc1</code> now installs
<code>2.0rc1</code> instead of failing.
(<code>[#13746](https://github.com/pypa/pip/issues/13746)
<https://github.com/pypa/pip/issues/13746></code>_)</li>
<li>Revisions in version control URLs now must be percent-encoded.
For example, use <code>git+https://example.com/repo.git@issue%231</code>
to specify the branch <code>issue#1</code>.
If you previously used a branch name containing a <code>%</code>
character in a version control URL, you now need to replace it with
<code>%25</code> to ensure correct percent-encoding.
(<code>[#13407](https://github.com/pypa/pip/issues/13407)
<https://github.com/pypa/pip/issues/13407></code>_)</li>
<li>Preserve original casing when a path is displayed.
(<code>[#6823](https://github.com/pypa/pip/issues/6823)
<https://github.com/pypa/pip/issues/6823></code>_)</li>
<li>Fix bash completion when the <code>$IFS</code> variable has been
modified from its default.
(<code>[#13555](https://github.com/pypa/pip/issues/13555)
<https://github.com/pypa/pip/issues/13555></code>_)</li>
<li>Precompute Python requirements on each candidate, reducing time of
long resolutions.
(<code>[#13656](https://github.com/pypa/pip/issues/13656)
<https://github.com/pypa/pip/issues/13656></code>_)</li>
<li>Skip redundant work converting version objects to strings when using
the</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/pip/commit/5fe4ea4f24cd9756316a4b5ef05daa15d84f7d0c"><code>5fe4ea4</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/bea3cbe3b4d637be6d5007e9a5a2327e500b00d8"><code>bea3cbe</code></a>
windows fix tests</li>
<li><a
href="https://github.com/pypa/pip/commit/ed22252bd19a71ce351b84405fa23230ca45ceea"><code>ed22252</code></a>
News Entry</li>
<li><a
href="https://github.com/pypa/pip/commit/af1327407f048bd2310b8b633f8e8a4e41c38d2c"><code>af13274</code></a>
Match release control behavior to the same as format control
behavior</li>
<li><a
href="https://github.com/pypa/pip/commit/2f4d4a836ed00076001376fbb0ce6dc4f22cdae2"><code>2f4d4a8</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13779">#13779</a> from
notatallshaw/fix-26.0-news</li>
<li><a
href="https://github.com/pypa/pip/commit/04307a42261749cfa1c86a5537ad88f44ed2a41a"><code>04307a4</code></a>
fix 26.0 news</li>
<li><a
href="https://github.com/pypa/pip/commit/6ec7b0a488f614a7632442fe7c651957fdb5fc85"><code>6ec7b0a</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13775">#13775</a> from
notatallshaw/release/26.0</li>
<li><a
href="https://github.com/pypa/pip/commit/4104356cd83d1614af45d203d64cb84705dad9d2"><code>4104356</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/58be8836b68814295d33bc5c56c38d3a0659ae81"><code>58be883</code></a>
Update AUTHORS.txt</li>
<li><a
href="https://github.com/pypa/pip/commit/66f2dece5ba9cc0ee9fe7035c46ba4b0756559b5"><code>66f2dec</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13778">#13778</a> from
ichard26/docs/groups</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/pip/compare/19.1.1...26.0.1">compare
view</a></li>
</ul>
</details>
<br />
|
|
|
|
Updates the requirements on
[setuptools](https://github.com/pypa/setuptools) to permit the latest
version.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/setuptools/blob/main/NEWS.rst">setuptools's
changelog</a>.</em></p>
<blockquote>
<h1>v82.0.1</h1>
<h2>Bugfixes</h2>
<ul>
<li>Fix the loading of <code>launcher manifest.xml</code> file. (<a
href="https://redirect.github.com/pypa/setuptools/issues/5047">#5047</a>)</li>
<li>Replaced deprecated <code>json.__version__</code> with fixture in
tests. (<a
href="https://redirect.github.com/pypa/setuptools/issues/5186">#5186</a>)</li>
</ul>
<h2>Improved Documentation</h2>
<ul>
<li>Add advice about how to improve predictability when installing
sdists. (<a
href="https://redirect.github.com/pypa/setuptools/issues/5168">#5168</a>)</li>
</ul>
<h2>Misc</h2>
<ul>
<li><a
href="https://redirect.github.com/pypa/setuptools/issues/4941">#4941</a>,
<a
href="https://redirect.github.com/pypa/setuptools/issues/5157">#5157</a>,
<a
href="https://redirect.github.com/pypa/setuptools/issues/5169">#5169</a>,
<a
href="https://redirect.github.com/pypa/setuptools/issues/5175">#5175</a></li>
</ul>
<h1>v82.0.0</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li><code>pkg_resources</code> has been removed from Setuptools. Most
common uses of <code>pkg_resources</code> have been superseded by the
<code>importlib.resources
<https://docs.python.org/3/library/importlib.resources.html></code>_
and <code>importlib.metadata
<https://docs.python.org/3/library/importlib.metadata.html></code>_
projects. Projects and environments relying on
<code>pkg_resources</code> for namespace packages or other behavior
should depend on older versions of <code>setuptools</code>. (<a
href="https://redirect.github.com/pypa/setuptools/issues/3085">#3085</a>)</li>
</ul>
<h1>v81.0.0</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Removed support for the --dry-run parameter to setup.py. This one
feature by its nature threads through lots of core and ancillary
functionality, adding complexity and friction. Removal of this parameter
will help decouple the compiler functionality from distutils and thus
the eventual full integration of distutils. These changes do affect some
class and function signatures, so any derivative functionality may
require some compatibility shims to support their expected interface.
Please report any issues to the Setuptools project for investigation.
(<a
href="https://redirect.github.com/pypa/setuptools/issues/4872">#4872</a>)</li>
</ul>
<h1>v80.10.2</h1>
<h2>Bugfixes</h2>
<ul>
<li>Update vendored dependencies. (<a
href="https://redirect.github.com/pypa/setuptools/issues/5159">#5159</a>)</li>
</ul>
<p>Misc</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/setuptools/commit/5a13876673a41e3cd21d4d6e587f53d0fb4fd8e5"><code>5a13876</code></a>
Bump version: 82.0.0 → 82.0.1</li>
<li><a
href="https://github.com/pypa/setuptools/commit/51ab8f183f1c4112675d8d6ec6b004406d518ee8"><code>51ab8f1</code></a>
Avoid using (deprecated) 'json.<strong>version</strong>' in tests (<a
href="https://redirect.github.com/pypa/setuptools/issues/5194">#5194</a>)</li>
<li><a
href="https://github.com/pypa/setuptools/commit/f9c37b20bb0ed11203f676f9683452a4c3ace6f6"><code>f9c37b2</code></a>
Docs/CI: Fix intersphinx references (<a
href="https://redirect.github.com/pypa/setuptools/issues/5195">#5195</a>)</li>
<li><a
href="https://github.com/pypa/setuptools/commit/8173db2a4fc0f6cb28926b3dba59116b79f435c8"><code>8173db2</code></a>
Docs: Fix intersphinx references</li>
<li><a
href="https://github.com/pypa/setuptools/commit/09bafbc74923f2a3591b5b098be75d6af6ca5141"><code>09bafbc</code></a>
Fix past tense on newsfragment</li>
<li><a
href="https://github.com/pypa/setuptools/commit/461ea56c8e629819a23920f44d9298d4f041abde"><code>461ea56</code></a>
Add news fragment</li>
<li><a
href="https://github.com/pypa/setuptools/commit/c4ffe535b58235ff9f9ebe90d24a2cffb57e70ae"><code>c4ffe53</code></a>
Avoid using (deprecated) 'json.<strong>version</strong>' in tests</li>
<li><a
href="https://github.com/pypa/setuptools/commit/749258b1a96c7accc05ea7d842fb19fc378866fe"><code>749258b</code></a>
Cleanup <code>pkg_resources</code> dependencies and configuration (<a
href="https://redirect.github.com/pypa/setuptools/issues/5175">#5175</a>)</li>
<li><a
href="https://github.com/pypa/setuptools/commit/2019c16701667db1010c62ec11c6ef78c2e58206"><code>2019c16</code></a>
Parse <code>ext-module.define-macros</code> from
<code>pyproject.toml</code> as list of tuples (<a
href="https://redirect.github.com/pypa/setuptools/issues/5169">#5169</a>)</li>
<li><a
href="https://github.com/pypa/setuptools/commit/b809c86a37d97fcce290d5f51d4c293ab40bc685"><code>b809c86</code></a>
Sync setuptools schema with validate-pyproject (<a
href="https://redirect.github.com/pypa/setuptools/issues/5157">#5157</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/setuptools/compare/v30.3.0...v82.0.1">compare
view</a></li>
</ul>
</details>
<br />
|
|
|
|
Updates the requirements on [pip](https://github.com/pypa/pip) to permit the latest version.
- [Changelog](https://github.com/pypa/pip/blob/main/NEWS.rst)
- [Commits](https://github.com/pypa/pip/compare/19.1.1...26.0.1)
---
updated-dependencies:
- dependency-name: pip
dependency-version: 26.0.1
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <[email protected]>
|
|
Updates the requirements on [setuptools](https://github.com/pypa/setuptools) to permit the latest version.
- [Release notes](https://github.com/pypa/setuptools/releases)
- [Changelog](https://github.com/pypa/setuptools/blob/main/NEWS.rst)
- [Commits](https://github.com/pypa/setuptools/compare/v30.3.0...v82.0.1)
---
updated-dependencies:
- dependency-name: setuptools
dependency-version: 82.0.1
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <[email protected]>
|
|
Updates the requirements on
[sphinx](https://github.com/sphinx-doc/sphinx) to permit the latest
version.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/sphinx-doc/sphinx/releases">sphinx's
releases</a>.</em></p>
<blockquote>
<h2>Sphinx 7.4.7</h2>
<p>Changelog: <a
href="https://www.sphinx-doc.org/en/master/changes.html">https://www.sphinx-doc.org/en/master/changes.html</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/sphinx-doc/sphinx/blob/v7.4.7/CHANGES.rst">sphinx's
changelog</a>.</em></p>
<blockquote>
<h1>Release 7.4.7 (released Jul 20, 2024)</h1>
<h2>Bugs fixed</h2>
<ul>
<li><a
href="https://redirect.github.com/sphinx-doc/sphinx/issues/12096">#12096</a>:
Warn when files are overwritten in the build directory.
Patch by Adam Turner and Bénédikt Tran.</li>
<li><a
href="https://redirect.github.com/sphinx-doc/sphinx/issues/12620">#12620</a>:
Ensure that old-style object description options are respected.
Patch by Adam Turner.</li>
<li><a
href="https://redirect.github.com/sphinx-doc/sphinx/issues/12601">#12601</a>,
<a
href="https://redirect.github.com/sphinx-doc/sphinx/issues/12625">#12625</a>:
Support callable objects in :py:class:<code>~typing.Annotated</code>
type
metadata in the Python domain.
Patch by Adam Turner.</li>
<li><a
href="https://redirect.github.com/sphinx-doc/sphinx/issues/12601">#12601</a>,
<a
href="https://redirect.github.com/sphinx-doc/sphinx/issues/12622">#12622</a>:
Resolve :py:class:<code>~typing.Annotated</code> warnings with
<code>sphinx.ext.autodoc</code>,
especially when using :mod:<code>dataclasses</code> as type metadata.
Patch by Adam Turner.</li>
<li><a
href="https://redirect.github.com/sphinx-doc/sphinx/issues/12589">#12589</a>,
<a
href="https://redirect.github.com/sphinx-doc/sphinx/issues/12626">#12626</a>:
autosummary: Fix warnings with :rst:role:<code>!autolink</code>.
Patch by Adam Turner.</li>
</ul>
<h1>Release 7.4.6 (released Jul 18, 2024)</h1>
<h2>Bugs fixed</h2>
<ul>
<li><a
href="https://redirect.github.com/sphinx-doc/sphinx/issues/12589">#12589</a>,
<a
href="https://redirect.github.com/sphinx-doc/sphinx/issues/9743">#9743</a>,
<a
href="https://redirect.github.com/sphinx-doc/sphinx/issues/12609">#12609</a>:
autosummary: Do not add the package prefix when
generating autosummary directives for modules within a package.
Patch by Adam Turner.</li>
<li><a
href="https://redirect.github.com/sphinx-doc/sphinx/issues/12613">#12613</a>:
Reduce log severity for ambiguity detection during inventory loading.
Patch by James Addison.</li>
</ul>
<h1>Release 7.4.5 (released Jul 16, 2024)</h1>
<h2>Bugs fixed</h2>
<ul>
<li><a
href="https://redirect.github.com/sphinx-doc/sphinx/issues/12593">#12593</a>,
<a
href="https://redirect.github.com/sphinx-doc/sphinx/issues/12600">#12600</a>:
Revert coercing the type of selected :confval:<code>html_sidebars</code>
values to a list.
Log an error message when string values are detected.
Patch by Adam Turner.</li>
<li><a
href="https://redirect.github.com/sphinx-doc/sphinx/issues/12594">#12594</a>:
LaTeX: since 7.4.0, :rst:dir:<code>seealso</code> and other
"light" admonitions
now break PDF builds if they contain a :dudir:<code>figure</code>
directive; and also
if they are contained in a table cell (rendered by
<code>tabulary</code>).
Patch by Jean-François B.</li>
</ul>
<h1>Release 7.4.4 (released Jul 15, 2024)</h1>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/sphinx-doc/sphinx/commit/0d912c85fd3ec385432fe707f6a0678425d1e841"><code>0d912c8</code></a>
Bump to 7.4.7 final</li>
<li><a
href="https://github.com/sphinx-doc/sphinx/commit/bbc97e035720d96f617921dbd25022e121495b98"><code>bbc97e0</code></a>
autosummary: Filter invalid import prefixes in <code>autolink</code> (<a
href="https://redirect.github.com/sphinx-doc/sphinx/issues/12626">#12626</a>)</li>
<li><a
href="https://github.com/sphinx-doc/sphinx/commit/6c486a575c858b8b82d2580b76c410121663505f"><code>6c486a5</code></a>
Fix detecting file changes for the overwritten file warning (<a
href="https://redirect.github.com/sphinx-doc/sphinx/issues/12627">#12627</a>)</li>
<li><a
href="https://github.com/sphinx-doc/sphinx/commit/2bd973e7191c5bc382c1a92b37ab1f20268f42d6"><code>2bd973e</code></a>
autodoc: Fix warnings with dataclasses in <code>Annotated</code>
metadata (<a
href="https://redirect.github.com/sphinx-doc/sphinx/issues/12622">#12622</a>)</li>
<li><a
href="https://github.com/sphinx-doc/sphinx/commit/dd77f851494d24d19aecf0328c6913d121b8b51c"><code>dd77f85</code></a>
Support callables in <code>Annotated</code> types (<a
href="https://redirect.github.com/sphinx-doc/sphinx/issues/12625">#12625</a>)</li>
<li><a
href="https://github.com/sphinx-doc/sphinx/commit/1ed4ca7e038364b3b10e3d36abb84ee034d4d94c"><code>1ed4ca7</code></a>
Mark <code>test_build_manpage</code> as XFAIL following changes in
Docutils master</li>
<li><a
href="https://github.com/sphinx-doc/sphinx/commit/cd8ce07d31cfab61b6996cec1334681600dd3259"><code>cd8ce07</code></a>
Update message catalogues following reverted commits</li>
<li><a
href="https://github.com/sphinx-doc/sphinx/commit/c6cd25f50dcc2a0bc369da80e75f105a4821d43b"><code>c6cd25f</code></a>
Partially revert "Update message catalogues (<a
href="https://redirect.github.com/sphinx-doc/sphinx/issues/11626">#11626</a>)"</li>
<li><a
href="https://github.com/sphinx-doc/sphinx/commit/fa2ba7d5aeaff36aeb1a6c2f49846432fc932c7a"><code>fa2ba7d</code></a>
Partially Revert "[bot]: Update message catalogues (<a
href="https://redirect.github.com/sphinx-doc/sphinx/issues/12563">#12563</a>)"</li>
<li><a
href="https://github.com/sphinx-doc/sphinx/commit/e439c6f33f8d8e7bc06b4f6f25dadfda74869ee0"><code>e439c6f</code></a>
Ensure that old-style object description options are respected (<a
href="https://redirect.github.com/sphinx-doc/sphinx/issues/12620">#12620</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/sphinx-doc/sphinx/compare/v1.3...v7.4.7">compare
view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
|
|
|
|
Updates the requirements on
[virtualenv](https://github.com/pypa/virtualenv) to permit the latest
version.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/virtualenv/releases">virtualenv's
releases</a>.</em></p>
<blockquote>
<h2>21.3.0</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<ul>
<li>🐛 fix(type): stop ty flagging default_source on Action by <a
href="https://github.com/gaborbernat"><code>@gaborbernat</code></a> in
<a
href="https://redirect.github.com/pypa/virtualenv/pull/3124">pypa/virtualenv#3124</a></li>
<li>feat: Reintroduce xonsh shell support by <a
href="https://github.com/anki-code"><code>@anki-code</code></a> in <a
href="https://redirect.github.com/pypa/virtualenv/pull/3125">pypa/virtualenv#3125</a></li>
<li>🐛 fix(test): prevent PowerShell activation test from crashing xdist
workers on Windows by <a
href="https://github.com/gaborbernat"><code>@gaborbernat</code></a> in
<a
href="https://redirect.github.com/pypa/virtualenv/pull/3128">pypa/virtualenv#3128</a></li>
<li>docs: Add usage instruction for Xonsh activation by <a
href="https://github.com/anki-code"><code>@anki-code</code></a> in <a
href="https://redirect.github.com/pypa/virtualenv/pull/3130">pypa/virtualenv#3130</a></li>
<li>Upgrade embedded pip/setuptools/wheel by <a
href="https://github.com/github-actions"><code>@github-actions</code></a>[bot]
in <a
href="https://redirect.github.com/pypa/virtualenv/pull/3132">pypa/virtualenv#3132</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/anki-code"><code>@anki-code</code></a>
made their first contribution in <a
href="https://redirect.github.com/pypa/virtualenv/pull/3125">pypa/virtualenv#3125</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/pypa/virtualenv/compare/21.2.4...21.3.0">https://github.com/pypa/virtualenv/compare/21.2.4...21.3.0</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst">virtualenv's
changelog</a>.</em></p>
<blockquote>
<h1>Features - 21.3.0</h1>
<ul>
<li>Re-introduce <code>xonsh</code> shell activator
(<code>activate.xsh</code>) previously removed in 20.7.0, and make the
plugin loader
prefer virtualenv's built-in entry points so a third-party package
cannot override them by registering a duplicate
name. (:issue:<code>3003</code>)</li>
</ul>
<h1>Bugfixes - 21.3.0</h1>
<ul>
<li>
<p>Upgrade embedded wheels:</p>
<ul>
<li>pip to <code>26.1</code> (:issue:<code>3132</code>)</li>
</ul>
</li>
</ul>
<hr />
<p>v21.2.4 (2026-04-14)</p>
<hr />
<h1>Bugfixes - 21.2.4</h1>
<ul>
<li>Security hardening: validate each entry of a seed wheel archive
before extracting it so a tampered wheel cannot escape
the app-data image directory via an absolute path or <code>..</code>
traversal. (:issue:<code>3118</code>)</li>
<li>Security hardening: verify the SHA-256 of every bundled seed wheel
when it is loaded so a corrupted or tampered file
on disk fails loud instead of being handed to pip. The hash table is
generated alongside <code>BUNDLE_SUPPORT</code> by
<code>tasks/upgrade_wheels.py</code>. (:issue:<code>3119</code>)</li>
<li>Security hardening: validate the distribution name and version
specifier passed to <code>pip download</code> when acquiring a
seed wheel so extras, pip flags, or shell metacharacters cannot be
smuggled into the subprocess command line.
(:issue:<code>3120</code>)</li>
<li>Security hardening: replace the string-prefix containment check in
<code>virtualenv.util.zipapp</code> with
<code>Path.relative_to</code> so the zipapp extraction helpers refuse
any path that does not resolve under the archive root.
(:issue:<code>3121</code>)</li>
<li>Security hardening: do not silently fall back to an unverified HTTPS
context when the periodic update request to PyPI
fails TLS verification. The returned metadata drives which wheel version
virtualenv considers "up to date", so
accepting an unverified response lets a network-level attacker suppress
security updates. Set
<code>VIRTUALENV_PERIODIC_UPDATE_INSECURE=1</code> to restore the
previous behavior on hosts with broken trust stores.
(:issue:<code>3122</code>)</li>
</ul>
<hr />
<p>v21.2.3 (2026-04-14)</p>
<hr />
<p>No significant changes.</p>
<hr />
<p>v21.2.2 (2026-04-13)</p>
<hr />
<h1>Bugfixes - 21.2.2</h1>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/virtualenv/commit/e917cc244e659160607c890de2cbad3a7bc2a28c"><code>e917cc2</code></a>
release 21.3.0</li>
<li><a
href="https://github.com/pypa/virtualenv/commit/21152f1b88c49cdefda2743cddc2cf36d50e2e57"><code>21152f1</code></a>
Upgrade embedded pip/setuptools/wheel (<a
href="https://redirect.github.com/pypa/virtualenv/issues/3132">#3132</a>)</li>
<li><a
href="https://github.com/pypa/virtualenv/commit/096bdcd72d7a6c92dcb9dee97fd429fe3e0231a5"><code>096bdcd</code></a>
chore(deps): bump astral-sh/setup-uv from 8.0.0 to 8.1.0 (<a
href="https://redirect.github.com/pypa/virtualenv/issues/3131">#3131</a>)</li>
<li><a
href="https://github.com/pypa/virtualenv/commit/01610dc7a8ef08158c815f43dc22ceadb98b85c0"><code>01610dc</code></a>
docs: Add usage instruction for Xonsh activation (<a
href="https://redirect.github.com/pypa/virtualenv/issues/3130">#3130</a>)</li>
<li><a
href="https://github.com/pypa/virtualenv/commit/fb6ec7c461db2b0ccfabe7ec6255368e86cfaed3"><code>fb6ec7c</code></a>
🐛 fix(test): prevent PowerShell activation test from crashing xdist
workers o...</li>
<li><a
href="https://github.com/pypa/virtualenv/commit/60956799efa82adac0c3d5e70d9ca1fdd63125f8"><code>6095679</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/pypa/virtualenv/issues/3129">#3129</a>)</li>
<li><a
href="https://github.com/pypa/virtualenv/commit/8d3179cf42332501240e9ee3ddca7e376a790752"><code>8d3179c</code></a>
chore(deps): bump peter-evans/create-pull-request from 8.1.0 to 8.1.1
(<a
href="https://redirect.github.com/pypa/virtualenv/issues/3127">#3127</a>)</li>
<li><a
href="https://github.com/pypa/virtualenv/commit/a159c50a400d4e18aca3bfde5224f09e71d2eb17"><code>a159c50</code></a>
chore(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 (<a
href="https://redirect.github.com/pypa/virtualenv/issues/3126">#3126</a>)</li>
<li><a
href="https://github.com/pypa/virtualenv/commit/9ba729bbbbec89c121c3ce4ef205fdd403e33e26"><code>9ba729b</code></a>
feat: Reintroduce xonsh shell support (<a
href="https://redirect.github.com/pypa/virtualenv/issues/3125">#3125</a>)</li>
<li><a
href="https://github.com/pypa/virtualenv/commit/d42ea5cd19a116dbdbb9852becace188d5b3a225"><code>d42ea5c</code></a>
🐛 fix(type): stop ty flagging default_source on Action (<a
href="https://redirect.github.com/pypa/virtualenv/issues/3124">#3124</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/virtualenv/compare/16.6.0...21.3.0">compare
view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
|
|
Updates the requirements on [six](https://github.com/benjaminp/six) to
permit the latest version.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/benjaminp/six/blob/main/CHANGES">six's
changelog</a>.</em></p>
<blockquote>
<h2>1.17.0</h2>
<ul>
<li>
<p>Pull request <a
href="https://redirect.github.com/benjaminp/six/issues/388">#388</a>:
Remove <code>URLopener</code> and <code>FancyURLopener</code> classes
from
<code>urllib.request</code> when running on Python 3.14 or greater.</p>
</li>
<li>
<p>Pull request <a
href="https://redirect.github.com/benjaminp/six/issues/365">#365</a>,
issue <a
href="https://redirect.github.com/benjaminp/six/issues/283">#283</a>:
<code>six.moves.UserDict</code> now points to
<code>UserDict.IterableUserDict</code> instead of
<code>UserDict.UserDict</code> on Python 2.</p>
</li>
</ul>
<h2>1.16.0</h2>
<ul>
<li>Pull request <a
href="https://redirect.github.com/benjaminp/six/issues/343">#343</a>,
issue <a
href="https://redirect.github.com/benjaminp/six/issues/341">#341</a>,
pull request <a
href="https://redirect.github.com/benjaminp/six/issues/349">#349</a>:
Port _SixMetaPathImporter to
Python 3.10.</li>
</ul>
<h2>1.15.0</h2>
<ul>
<li>Pull request <a
href="https://redirect.github.com/benjaminp/six/issues/331">#331</a>:
Optimize <code>six.ensure_str</code> and
<code>six.ensure_binary</code>.</li>
</ul>
<h2>1.14.0</h2>
<ul>
<li>
<p>Issue <a
href="https://redirect.github.com/benjaminp/six/issues/288">#288</a>,
pull request <a
href="https://redirect.github.com/benjaminp/six/issues/289">#289</a>:
Add <code>six.assertNotRegex</code>.</p>
</li>
<li>
<p>Issue <a
href="https://redirect.github.com/benjaminp/six/issues/317">#317</a>:
<code>six.moves._dummy_thread</code> now points to the
<code>_thread</code> module on
Python 3.9+. Python 3.7 and later requires threading and deprecated the
<code>_dummy_thread</code> module.</p>
</li>
<li>
<p>Issue <a
href="https://redirect.github.com/benjaminp/six/issues/308">#308</a>,
pull request <a
href="https://redirect.github.com/benjaminp/six/issues/314">#314</a>:
Remove support for Python 2.6 and Python 3.2.</p>
</li>
<li>
<p>Issue <a
href="https://redirect.github.com/benjaminp/six/issues/250">#250</a>,
issue <a
href="https://redirect.github.com/benjaminp/six/issues/165">#165</a>,
pull request <a
href="https://redirect.github.com/benjaminp/six/issues/251">#251</a>:
<code>six.wraps</code> now ignores missing
attributes. This follows the Python 3.2+ standard library behavior.</p>
</li>
</ul>
<h2>1.13.0</h2>
<ul>
<li>
<p>Issue <a
href="https://redirect.github.com/benjaminp/six/issues/298">#298</a>,
pull request <a
href="https://redirect.github.com/benjaminp/six/issues/299">#299</a>:
Add <code>six.moves.dbm_ndbm</code>.</p>
</li>
<li>
<p>Issue <a
href="https://redirect.github.com/benjaminp/six/issues/155">#155</a>:
Add <code>six.moves.collections_abc</code>, which aliases the
<code>collections</code>
module on Python 2-3.2 and the <code>collections.abc</code> module on
Python 3.3 and greater.</p>
</li>
<li>
<p>Pull request <a
href="https://redirect.github.com/benjaminp/six/issues/304">#304</a>:
Re-add distutils fallback in <code>setup.py</code>.</p>
</li>
<li>
<p>Pull request <a
href="https://redirect.github.com/benjaminp/six/issues/305">#305</a>: On
Python 3.7, <code>with_metaclass</code> supports classes using PEP
560 features.</p>
</li>
</ul>
<h2>1.12.0</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/benjaminp/six/commit/ebd9b3af90247b8858d415a05e96e9ee61e48d07"><code>ebd9b3a</code></a>
six 1.17.0</li>
<li><a
href="https://github.com/benjaminp/six/commit/40d248e516ae9bb32221a417de49a3d2fd9e39c1"><code>40d248e</code></a>
Expunge travis.</li>
<li><a
href="https://github.com/benjaminp/six/commit/dd7940e4b8760c620e61dd0e99ec0e60ee759fc8"><code>dd7940e</code></a>
Add PyPI publication workflow. (<a
href="https://redirect.github.com/benjaminp/six/issues/390">#390</a>)</li>
<li><a
href="https://github.com/benjaminp/six/commit/8cb688f32f24b6ebe94938b15e92ec5c75dd8f12"><code>8cb688f</code></a>
Update copyright years.</li>
<li><a
href="https://github.com/benjaminp/six/commit/86f89c5da1488463a00bd090c8f9e29aeabf6a10"><code>86f89c5</code></a>
Add a GitHub actions CI workflow. (<a
href="https://redirect.github.com/benjaminp/six/issues/389">#389</a>)</li>
<li><a
href="https://github.com/benjaminp/six/commit/06430b9fc66e3912bea2c0a2d13b22d7054a9ac7"><code>06430b9</code></a>
Make test_getoutput work on Windows.</li>
<li><a
href="https://github.com/benjaminp/six/commit/ceddaf2d0a45cf3a19ce0ac63a24ca4ffc76ba7c"><code>ceddaf2</code></a>
Add a changelog for <a
href="https://redirect.github.com/benjaminp/six/issues/314">#314</a>.</li>
<li><a
href="https://github.com/benjaminp/six/commit/9a05aab157c79647aa11c49f31a6bff5b18404a5"><code>9a05aab</code></a>
Python 3.14 removed the URLopener and FancyURLopener classes from
urllib.req...</li>
<li><a
href="https://github.com/benjaminp/six/commit/c1b416f24de52ebd8eaed3e379ab85ec9c3e935b"><code>c1b416f</code></a>
Fix deprecation warning from setuptools (<a
href="https://redirect.github.com/benjaminp/six/issues/382">#382</a>)</li>
<li><a
href="https://github.com/benjaminp/six/commit/02c3bcab0b94eb7a86f6606bc8b02e3ee0a72860"><code>02c3bca</code></a>
tkinter.tix was removed from Python 3.13, skip the test (<a
href="https://redirect.github.com/benjaminp/six/issues/377">#377</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/benjaminp/six/compare/1.14.0...1.17.0">compare
view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
|
|
Updates the requirements on [six](https://github.com/benjaminp/six) to permit the latest version.
- [Changelog](https://github.com/benjaminp/six/blob/main/CHANGES)
- [Commits](https://github.com/benjaminp/six/compare/1.14.0...1.17.0)
---
updated-dependencies:
- dependency-name: six
dependency-version: 1.17.0
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <[email protected]>
|
|
Updates the requirements on [virtualenv](https://github.com/pypa/virtualenv) to permit the latest version.
- [Release notes](https://github.com/pypa/virtualenv/releases)
- [Changelog](https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst)
- [Commits](https://github.com/pypa/virtualenv/compare/16.6.0...21.3.0)
---
updated-dependencies:
- dependency-name: virtualenv
dependency-version: 21.3.0
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <[email protected]>
|
|
Updates the requirements on [sphinx](https://github.com/sphinx-doc/sphinx) to permit the latest version.
- [Release notes](https://github.com/sphinx-doc/sphinx/releases)
- [Changelog](https://github.com/sphinx-doc/sphinx/blob/v7.4.7/CHANGES.rst)
- [Commits](https://github.com/sphinx-doc/sphinx/compare/v1.3...v7.4.7)
---
updated-dependencies:
- dependency-name: sphinx
dependency-version: 7.4.7
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <[email protected]>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
