Skip to content

Bump the pip-deps group across 1 directory with 7 updates#866

Merged
miniscruff merged 1 commit intomainfrom
dependabot/pip/pip-deps-c62546f5a8
Mar 21, 2026
Merged

Bump the pip-deps group across 1 directory with 7 updates#866
miniscruff merged 1 commit intomainfrom
dependabot/pip/pip-deps-c62546f5a8

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Mar 14, 2026
edited
Loading

Bumps the pip-deps group with 7 updates in the / directory:

Package From To
cairosvg 2.8.2 2.9.0
certifi 2026.1.4 2026.2.25
charset-normalizer 3.4.4 3.4.5
mkdocs-material 9.7.1 9.7.5
platformdirs 4.8.0 4.9.4
pymdown-extensions 10.20.1 10.21
regex 2026.1.15 2026.2.28

Updates cairosvg from 2.8.2 to 2.9.0

Changelog

Sourced from cairosvg's changelog.

Version 2.9.0 released on 2026-03-13

WARNING: this is a security update.

Using a lot of recursively nested use tags could lead to long rendering times with relatively small inputs. CairoSVG now stops rendering when more than 100k use tags are rendered.

Using the --unsafe option allows to render larger documents.

  • Drop support of Python 3.9, add support of Python 3.14
Commits
  • fe5cae5 Version 2.9.0
  • 6dde868 Abort when more than 100k referenced elements are rendered
  • a6b3a98 Cut long line again
  • ce8b51d Cut long line
  • b7818c9 Clarify unsafe option scope without removing security warning
  • See full diff in compare view

Updates certifi from 2026.1.4 to 2026.2.25

Commits

Updates charset-normalizer from 3.4.4 to 3.4.5

Release notes

Sourced from charset-normalizer's releases.

Version 3.4.5

3.4.5 (2026-03-06)

Changed

  • Update setuptools constraint to setuptools>=68,<=82.
  • Raised upper bound of mypyc for the optional pre-built extension to v1.19.1

Fixed

  • Add explicit link to lib math in our optimized build. (#692)
  • Logger level not restored correctly for empty byte sequences. (#701)
  • TypeError when passing bytearray to from_bytes. (#703)

Misc

  • Applied safe micro-optimizations in both our noise detector and language detector.
  • Rewrote the query_yes_no function (inside CLI) to avoid using ambiguous licensed code.
  • Added cd.py submodule into mypyc optional compilation to reduce further the performance impact.

[!WARNING]
mypyc changed the usual binary output for the optimized wheel. Beware, especially if using PyInstaller or alike. See jawah/charset_normalizer#714

Changelog

Sourced from charset-normalizer's changelog.

3.4.5 (2026-03-06)

Changed

  • Update setuptools constraint to setuptools>=68,<=82.
  • Raised upper bound of mypyc for the optional pre-built extension to v1.19.1

Fixed

  • Add explicit link to lib math in our optimized build. (#692)
  • Logger level not restored correctly for empty byte sequences. (#701)
  • TypeError when passing bytearray to from_bytes. (#703)

Misc

  • Applied safe micro-optimizations in both our noise detector and language detector.
  • Rewrote the query_yes_no function (inside CLI) to avoid using ambiguous licensed code.
  • Added cd.py submodule into mypyc optional compilation to reduce further the performance impact.
Commits
  • 7411396 📝 update changelog
  • 8de6012 Merge pull request #713 from jawah/release-3.4.5
  • 39d0fba Merge branch 'master' into release-3.4.5
  • f211d4a ⬆️ Bump actions/upload-artifact from 6.0.0 to 7.0.0 (#707)
  • 9123864 ⬆️ Bump github/codeql-action from 4.32.0 to 4.32.4 (#710)
  • 5cb1f12 ⬆️ Bump actions/download-artifact from 7.0.0 to 8.0.0 (#711)
  • 7e68582 ⬆️ Update setuptools requirement from <=81,>=68 to >=68,<=82.0.0 (#712)
  • e1e2ccb correct cp_similarity ratio ceiling (#704)
  • 209f9ff fix TypeError when passing bytearray to from_bytes (#703)
  • 6a8503f Fix logger level not restored correctly for empty byte sequences (#701)
  • Additional commits viewable in compare view

Updates mkdocs-material from 9.7.1 to 9.7.5

Release notes

Sourced from mkdocs-material's releases.

mkdocs-material-9.7.5

[!WARNING]

Material for MkDocs is in maintenance mode

Going forward, the Material for MkDocs team focuses on Zensical, a next-gen static site generator built from first principles. We will provide critical bug fixes and security updates for Material for MkDocs until November 2026.

Read the full announcement on our blog

Changes

  • Limited version range of mkdocs to <2
  • Updated MkDocs 2.0 incompatibility warning (clarify relation with MkDocs)

mkdocs-material-9.7.4

[!WARNING]

Material for MkDocs is in maintenance mode

Going forward, the Material for MkDocs team focuses on Zensical, a next-gen static site generator built from first principles. We will provide critical bug fixes and security updates for Material for MkDocs until November 2026.

Read the full announcement on our blog

Changes

  • Hardened social cards plugin by switching to sandboxed environment (recommended by @​caveeroo)
  • Updated MkDocs 2.0 incompatibility warning

mkdocs-material-9.7.2

[!WARNING]

Material for MkDocs is in maintenance mode

Going forward, the Material for MkDocs team focuses on Zensical, a next-gen static site generator built from first principles. We will provide critical bug fixes and security updates for Material for MkDocs until November 2026.

Read the full announcement on our blog

Changes

  • Opened up version ranges of optional dependencies for forward-compatibility
  • Added warning to mkdocs build about impending MkDocs 2.0 incompatibility (doesn't affect strict mode)
Changelog

Sourced from mkdocs-material's changelog.

mkdocs-material-9.7.5 (2026-03-10)

  • Limited version range of mkdocs to <2
  • Updated MkDocs 2.0 incompatibility warning (clarify relation with MkDocs)

mkdocs-material-9.7.4 (2026-03-03)

  • Hardened social cards plugin by switching to sandboxed environment
  • Updated MkDocs 2.0 incompatibility warning

mkdocs-material-9.7.3 (2026-02-24)

  • Fixed #8567: Print MkDocs 2.0 incompatibility warning to stderr

mkdocs-material-9.7.2 (2026-02-18)

  • Opened up version ranges of optional dependencies for forward-compatibility
  • Added warning to 'mkdocs build' about impending MkDocs 2.0 incompatibility

mkdocs-material-9.7.1 (2025-12-18)

  • Updated requests to 2.30+ to mitigate CVE in urllib
  • Fixed privacy plugin not picking up protocol-relative URLs
  • Fixed #8542: false positives and negatives captured in privacy plugin

mkdocs-material-9.7.0 (2025-11-11)

⚠️ Material for MkDocs is now in maintenance mode

This is the last release of Material for MkDocs that will receive new features. Going forward, the Material for MkDocs team focuses on Zensical, a next-gen static site generator built from first principles. We will provide critical bug fixes and security updates for Material for MkDocs for 12 months at least.

Read the full announcement on our blog: https://squidfunk.github.io/mkdocs-material/blog/2025/11/05/zensical/

This release includes all features that were previously exclusive to the Insiders edition. These features are now freely available to everyone.

Note on deprecated plugins: The projects and typeset plugins are included in this release, but must be considered deprecated. Both plugins proved unsustainable to maintain and represent architectural dead ends. They are provided as-is without ongoing support.

Changes:

  • Added support for pinned blog posts and author profiles
  • Added support for customizing pagination for blog index pages
  • Added support for customizing blog category sort order

... (truncated)

Commits
  • 00b9933 Prepare 9.7.5 release
  • 37683d1 Updated blog post on MkDocs 2.0
  • 199e315 Updated warning message to clarify relation to MkDocs
  • 1025833 Limited version range of mkdocs to <2
  • 1532f52 Added update log to blog post
  • d0c8b28 Updated dependencies to fix vulnerabilities
  • 71d4869 Updated blog post on MkDocs 2.0
  • 0d30a13 Updated blog post on MkDocs 2.0
  • 8b55995 Updated blog post on MkDocs 2.0
  • 66d413f Updated blog post on MkDocs 2.0
  • Additional commits viewable in compare view

Updates platformdirs from 4.8.0 to 4.9.4

Release notes

Sourced from platformdirs's releases.

4.9.4

What's Changed

Full Changelog: tox-dev/platformdirs@4.9.3...4.9.4

4.9.3

What's Changed

New Contributors

Full Changelog: tox-dev/platformdirs@4.9.2...4.9.3

4.9.2

What's Changed

Full Changelog: tox-dev/platformdirs@4.9.1...4.9.2

4.9.1

What's Changed

Full Changelog: tox-dev/platformdirs@4.9.0...4.9.1

4.9.0

What's Changed

... (truncated)

Changelog

Sourced from platformdirs's changelog.

########### Changelog ###########

4.9.4 (2026-03-05)

  • [pre-commit.ci] pre-commit autoupdate :pr:461 - by :user:pre-commit-ci[bot]
  • Update README.md
  • 📝 docs: add project logo to documentation :pr:459
  • Standardize .github files to .yaml suffix
  • build(deps): bump the all group with 2 updates :pr:457 - by :user:dependabot[bot]
  • Move SECURITY.md to .github/SECURITY.md
  • Add permissions to workflows :pr:455
  • Add security policy
  • [pre-commit.ci] pre-commit autoupdate :pr:454 - by :user:pre-commit-ci[bot]

4.9.2 (2026-02-16)

  • 📝 docs: restructure following Diataxis framework :pr:448
  • 📝 docs(platforms): fix RST formatting and TOC hierarchy :pr:447

4.9.1 (2026-02-14)

  • 📝 docs: enhance README, fix issues, and reorganize platforms.rst :pr:445

4.9.0 (2026-02-14)

  • 📚 docs: split usage guide into tutorial, how-to, and reference :pr:441
  • ✨ feat(api): add site_bin_dir property :pr:443
  • ✨ feat(api): add site_applications_dir property :pr:442
  • 🐛 fix(unix): use correct runtime dir path for OpenBSD :pr:440
  • 📝 docs(usage): document use_site_for_root parameter :pr:439

4.8.0 (2026-02-14)

  • 📝 docs(usage): note that home dir is in stdlib :pr:431
  • ✨ feat(api): add user_applications_dir property :pr:432
  • ✨ feat(api): add user_bin_dir property :pr:430
  • 🐛 fix(macos): yield individual site dirs in iter_*_dirs :pr:429
  • ✨ feat(windows): add WIN_PD_OVERRIDE_* env var overrides :pr:428

... (truncated)

Commits

Updates pymdown-extensions from 10.20.1 to 10.21

Release notes

Sourced from pymdown-extensions's releases.

10.21

  • NEW: Caption: Add support for specifying not only IDs but classes and arbitrary attributes. Initial work by @​joapuiib.
  • FIX: MagicLink: Fix a matching pattern for Bitbucket repo.
Commits

Updates regex from 2026.1.15 to 2026.2.28

Changelog

Sourced from regex's changelog.

Version: 2026.2.28

Replaced atomic operations with mutex on pattern object for free-threaded Python.

Version: 2026.2.26

PR [#598](https://github.com/mrabarnett/mrab-regex/issues/598): Fix race condition in storage caching with atomic operations.

Replaced use of PyUnicode_GET_LENGTH with PyUnicode_GetLength.

Version: 2026.2.19

Added \z as alias of \Z, like in re module.

Added prefixmatch as alias of match, like in re module.

Version: 2026.1.15

Re-uploaded.

Version: 2026.1.14

Git issue 596: Specifying {e<=0} causes ca 210× slow-down.

Added RISC-V wheels.

Version: 2025.11.3

Git issue 594: Support relative PARNO in recursive subpatterns.

Version: 2025.10.23

'setup.py' was missing from the source distribution.

Version: 2025.10.22

Fixed test in main.yml.

Version: 2025.10.21

Moved tests into subfolder.

Version: 2025.10.20

Re-organised files.

Updated to Unicode 17.0.0.

Version: 2025.9.20

... (truncated)

Commits
  • df2d5ac Replaced atomic operations with mutex on pattern object for free-threaded Pyt...
  • ed3d9ca Replaced use of PyUnicode_GET_LENGTH with PyUnicode_GetLength.
  • 28dd3e7 Merge pull request #598 from kevmo314/fix-storage-caching-race
  • 9789c22 Added \z as alias of \Z, like in re module.
  • cd631d8 Fix race condition in storage caching with atomic operations
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the pip-deps group across 1 directory with 7 updates
1ece73b 
Bumps the pip-deps group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [cairosvg](https://github.com/Kozea/CairoSVG) | `2.8.2` | `2.9.0` |
| [certifi](https://github.com/certifi/python-certifi) | `2026.1.4` | `2026.2.25` |
| [charset-normalizer](https://github.com/jawah/charset_normalizer) | `3.4.4` | `3.4.5` |
| [mkdocs-material](https://github.com/squidfunk/mkdocs-material) | `9.7.1` | `9.7.5` |
| [platformdirs](https://github.com/tox-dev/platformdirs) | `4.8.0` | `4.9.4` |
| [pymdown-extensions](https://github.com/facelessuser/pymdown-extensions) | `10.20.1` | `10.21` |
| [regex](https://github.com/mrabarnett/mrab-regex) | `2026.1.15` | `2026.2.28` |



Updates `cairosvg` from 2.8.2 to 2.9.0
- [Release notes](https://github.com/Kozea/CairoSVG/releases)
- [Changelog](https://github.com/Kozea/CairoSVG/blob/main/NEWS.rst)
- [Commits](Kozea/CairoSVG@2.8.2...2.9.0)

Updates `certifi` from 2026.1.4 to 2026.2.25
- [Commits](certifi/python-certifi@2026.01.04...2026.02.25)

Updates `charset-normalizer` from 3.4.4 to 3.4.5
- [Release notes](https://github.com/jawah/charset_normalizer/releases)
- [Changelog](https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md)
- [Commits](jawah/charset_normalizer@3.4.4...3.4.5)

Updates `mkdocs-material` from 9.7.1 to 9.7.5
- [Release notes](https://github.com/squidfunk/mkdocs-material/releases)
- [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG)
- [Commits](squidfunk/mkdocs-material@9.7.1...9.7.5)

Updates `platformdirs` from 4.8.0 to 4.9.4
- [Release notes](https://github.com/tox-dev/platformdirs/releases)
- [Changelog](https://github.com/tox-dev/platformdirs/blob/main/docs/changelog.rst)
- [Commits](tox-dev/platformdirs@4.8.0...4.9.4)

Updates `pymdown-extensions` from 10.20.1 to 10.21
- [Release notes](https://github.com/facelessuser/pymdown-extensions/releases)
- [Commits](https://github.com/facelessuser/pymdown-extensions/commits/10.21)

Updates `regex` from 2026.1.15 to 2026.2.28
- [Changelog](https://github.com/mrabarnett/mrab-regex/blob/hg/changelog.txt)
- [Commits](mrabarnett/mrab-regex@2026.1.15...2026.2.28)

---
updated-dependencies:
- dependency-name: cairosvg
  dependency-version: 2.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: pip-deps
- dependency-name: certifi
  dependency-version: 2026.2.25
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: pip-deps
- dependency-name: charset-normalizer
  dependency-version: 3.4.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: pip-deps
- dependency-name: mkdocs-material
  dependency-version: 9.7.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: pip-deps
- dependency-name: platformdirs
  dependency-version: 4.9.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: pip-deps
- dependency-name: pymdown-extensions
  dependency-version: '10.21'
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: pip-deps
- dependency-name: regex
  dependency-version: 2026.2.28
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: pip-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file skip changelog Non-user impacting change labels Mar 14, 2026
@miniscruff miniscruff merged commit 80bbb9e into main Mar 21, 2026
7 checks passed
@miniscruff miniscruff deleted the dependabot/pip/pip-deps-c62546f5a8 branch March 21, 2026 06:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file skip changelog Non-user impacting change

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@miniscruff