Bump the pip group across 1 directory with 39 updates

[dependabot]

Bumps the pip group with 39 updates in the /src directory:

Package	From	To
beautifulsoup4	4.13.3	4.14.3
biopython	1.85	1.86
bokeh	3.6.2	3.8.2
certifi	2025.1.31	2026.2.25
chardet	5.2.0	6.0.0.post1
cryptography	44.0.1	46.0.5
idna	3.10	3.11
jsonschema	4.23.0	4.26.0
markdown	3.7	3.10.2
markupsafe	3.0.2	3.0.3
networkx	3.4.2	3.6.1
numpy	2.2.3	2.4.2
pillow	11.1.0	12.1.1
plotly	5.24.1	6.5.2
pyasn1	0.6.1	0.6.2
pycurl	7.45.4	7.45.7
pygments	2.19.1	2.19.2
pyopenssl	25.0.0	25.3.0
rsa	4.9	4.9.1
scipy	1.15.2	1.17.1
setuptools	75.8.2	82.0.0
sympy	1.13.3	1.14.0
wordcloud	1.9.4	1.9.6
ipython	8.33.0	9.10.0
ipywidgets	8.1.5	8.1.8
jinja2	3.1.5	3.1.6
pandas	2.2.3	3.0.1
pymongo	4.11.1	4.16.0
pyyaml	6.0.2	6.0.3
requests	2.32.3	2.32.5
scikit-learn	1.6.1	1.8.0
statsmodels	0.14.4	0.14.6
tornado	6.4.2	6.5.4
coverage	7.6.12	7.13.4
pytest	8.3.4	9.0.2
pytest-cov	6.0.0	7.0.0
pytest-recording	0.13.2	0.13.4
ruff	0.9.9	0.15.4
vcrpy	7.0.0	8.1.1

Updates beautifulsoup4 from 4.13.3 to 4.14.3

Updates biopython from 1.85 to 1.86

Changelog

Sourced from biopython's changelog.

28 October 2025: Biopython 1.86

This release of Biopython supports Python 3.10, 3.11, 3.12, 3.13 and 3.14. It has also been tested on PyPy3.10 v7.3.19.

Bio.SearchIO now supports parsing the tabular and plain text output of Infernal <http://eddylab.org/infernal/> (v1.0.0+) RNA search tool. The format names are infernal-tab and infernal-text.

The default value of the gap score of a PairwiseAligner object was changed in this release. Previously, for consistency with Bio.pairwise2, the default value for gap score was 0. However, this means that a mismatch, an insertion followed by a deletion, and a deletion followed by an insertion all get assigned a score of 0. The aligner then finds a large number of alignments that are logically the same, but have trivial differences between them. For example, aligning AAACAAA to AAAGAAA previously yielded the following three alignments, all with score 6::

 AAACAAA        AAAC-AAA        AAA-CAAA
 AAAGAAA        AAA-GAAA        AAAG-AAA

With the new default parameter for the gap score, only the first alignment is returned.

Bio.PDB.PDBIO now ensures that b-factor values are always at most 6 characters to ensure that we do not violate the wwPDB specification. This should not have an impact on the majority of uses, as b-factor values are generally small (less than 100). When 1000 <= b-factor < 10_000, the value is rounded to a single decimal place. When, 10_000 <= b-factor < 999_999, the value is rounded to zero decimal places. Values above 999_999 are now clamped. The justification for this is the rise in the b-factor field being used for additional metadata, typically from computational tools.

Bio.Align now provides a method Alignment.from_alignments_with_same_reference to construct a multiple sequence alignment from a collection of alignments that share the same reference sequence.

Bio.PDB.PDBIO will now raise module specific warnings: Bio.PDB.PDBExceptions.PDBIOWarning.

Bio.PDB.SCADIO now supports object selection by color in the OpenSCAD output file. This enables generation of separate STL files for each color for printing protein structures on multi-material 3D printers.

The iplotx library is mentioned in the Tutorial as an option to visualise trees using complex style options.

Many thanks to the Biopython developers and community for making this release possible, especially the following contributors:

... (truncated)

Commits

• See full diff in compare view

Updates bokeh from 3.6.2 to 3.8.2

Changelog

Sourced from bokeh's changelog.

2026-01-06 3.8.2:

• bugfixes:

  • #14768 [component: server] Incomplete Origin Validation in WebSockets in Bokeh server applications

• tasks:

  • #14767 Backports for 3.8.2

2025-11-07 3.8.1:

• bugfixes:

  • #14618 [component: docs] Local documentation build fails with Extension error (sphinxext.opengraph)
  • #14626 [component: docs] Local documentation fails on Windows because of missing svg icons
  • #14651 [component: bokehjs] HoverTool parameter @$name for stacked bar chart not working in version 3.8.0

• tasks:

  • #14704 Backports for 3.8.1

2025-08-29 3.8:

• bugfixes:
  • #12430 [component: bokehjs] [BUG] Step glyphs do not support linked brushing
  • #12994 [component: bokehjs] [BUG] Patch does not output under certain conditions
  • #13616 [component: bokehjs] [BUG] DateRangePicker value does not reflect value in browser when selection is aborted
  • #14334 js_on_change not firing when range is updated in range tool
  • #14352 [component: bokehjs] Log Axis and Range1d < 1 failing
  • #14383 [component: bokehjs] SerializationError: circular reference When Passing List of Renderers to CustomJS Callbacks, but not when passing renderers sperately.
  • #14396 [component: examples] Remove context from time of day in span example
  • #14399 Bad typings for list_attr_splat (e.g. Plot.axis)
  • #14413 [component: bokehjs] ValueRef formatter does not handle datetime nullable well
  • #14420 [component: bokehjs] Enhance performance of WebGL multi_marker
  • #14422 [component: bokehjs] Legend renderer not correctly positioned when saved with SaveTool
  • #14424 [component: bokehjs] Patches with no data does not show plot with Bokeh 3.7+
  • #14458 [component: bokehjs] Removing and re-adding DOM nodes causes React problems
  • #14461 [component: tests] The regression test for issue #14207 is unreliable
  • #14468 [component: docs] Try on CodePen link does not work in documentation /docs/user_guide/advanced/bokehjs.html
  • #14469 [component: bokehjs] Canvas2D: Multiple readback operations using getImageData are faster with the willReadFrequently attribute set to true
  • #14476 Improve handling of pd.NA in Property.matches
  • #14497 mypy 1.15.0 fails in CI but not locally
  • #14499 [component: docs] IndexError on importing bokeh.sphinxext.bokeh_plot
  • #14520 [component: bokehjs] BokehJS complains about categorical factors for the BoxAnnotation widget
  • #14536 Flex layouts need to apply min_width and min_height selectively
  • #14540 [component: tests] Tests are failing on Windows and Python 3.10 after PR #14531
  • #14541 New SVG icons have inconsistent line widths
  • #14554 Add support for scalar uint32 color input.
  • #14565 [component: bokehjs] DataTable source update broken
  • #14574 [component: build] grammar build script failing with whitespace in path
  • #14597 [component: bokehjs] document_ready even trigger twice with Bokeh 3.4.0.dev4
  • #14602 [component: bokehjs] Layoutable components in side panels don't appear in exported images
  • #14620 Re-connect race condition on page reload

... (truncated)

Commits

• e5ce879 Deployment updates for release 3.8.2
• 2b3ee10 Don't validate npm credentials due to OICD limitations in npm (#14769)
• 756e3ae Migrate from NPM tokens to trusted providers for publishing in CI (#14766)
• 2f225a1 Update dependencies in build environment (#14758)
• 69d197c update switcher.json
• d915c8b update to latest ruff (#14661)
• 5f9f7b6 update release notes
• cedd113 handle wildcard host with port correctly
• a961ab7 small CI fixes for advisory fork merge
• d62939a Merge commit from fork
• Additional commits viewable in compare view

Updates certifi from 2025.1.31 to 2026.2.25

Commits

• 8571a4b 2026.02.25 (#395)
• 6f7de00 Bump peter-evans/create-pull-request from 8.0.0 to 8.1.0 (#390)
• a1de59b Bump actions/checkout from 6.0.1 to 6.0.2 (#391)
• 7f5ade5 Bump actions/setup-python from 6.1.0 to 6.2.0 (#392)
• c64d9f3 2026.01.04 (#389)
• 4ac232f Bump actions/download-artifact from 6.0.0 to 7.0.0 (#387)
• 95ae4b2 Update CI workflow to use Ubuntu 24.04 and Python 3.14 stable (#386)
• b72a7b1 Bump dessant/lock-threads from 5.0.1 to 6.0.0 (#385)
• ecc2672 Bump actions/upload-artifact from 5.0.0 to 6.0.0 (#384)
• 6a897db Bump peter-evans/create-pull-request from 7.0.11 to 8.0.0 (#383)
• Additional commits viewable in compare view

Updates chardet from 5.2.0 to 6.0.0.post1

Release notes

Sourced from chardet's releases.

6.0.0.post1

• Fixed version number in chardet/version.py still being set to 6.0.0dev0. Otherwise identical to 6.0.0.

6.0.0

Features

• Unified single-byte charset detection: Instead of only having trained language models for a handful of languages (Bulgarian, Greek, Hebrew, Hungarian, Russian, Thai, Turkish) and relying on special-case Latin1Prober and MacRomanProber heuristics for Western encodings, chardet now treats all single-byte charsets the same way: every encoding gets proper language-specific bigram models trained on CulturaX corpus data. This means chardet can now accurately detect both the encoding and the language for all supported single-byte encodings.
• 38 new languages: Arabic, Belarusian, Breton, Croatian, Czech, Danish, Dutch, English, Esperanto, Estonian, Farsi, Finnish, French, German, Icelandic, Indonesian, Irish, Italian, Kazakh, Latvian, Lithuanian, Macedonian, Malay, Maltese, Norwegian, Polish, Portuguese, Romanian, Scottish Gaelic, Serbian, Slovak, Slovene, Spanish, Swedish, Tajik, Ukrainian, Vietnamese, and Welsh. Existing models for Bulgarian, Greek, Hebrew, Hungarian, Russian, Thai, and Turkish were also retrained with the new pipeline.
• EncodingEra filtering: New encoding_era parameter to detect allows filtering by an EncodingEra flag enum (MODERN_WEB, LEGACY_ISO, LEGACY_MAC, LEGACY_REGIONAL, DOS, MAINFRAME, ALL) allows callers to restrict detection to encodings from a specific era. detect() and detect_all() default to MODERN_WEB. The new MODERN_WEB default should drastically improve accuracy for users who are not working with legacy data. The tiers are:
  • MODERN_WEB: UTF-8/16/32, Windows-125x, CP874, CJK multi-byte (widely used on the web)
  • LEGACY_ISO: ISO-8859-x, KOI8-R/U (legacy but well-known standards)
  • LEGACY_MAC: Mac-specific encodings (MacRoman, MacCyrillic, etc.)
  • LEGACY_REGIONAL: Uncommon regional/national encodings (KOI8-T, KZ1048, CP1006, etc.)
  • DOS: DOS/OEM code pages (CP437, CP850, CP866, etc.)
  • MAINFRAME: EBCDIC variants (CP037, CP500, etc.)
• --encoding-era CLI flag: The chardetect CLI now accepts -e/--encoding-era to control which encoding eras are considered during detection.
• max_bytes and chunk_size parameters: detect(), detect_all(), and UniversalDetector now accept max_bytes (default 200KB) and chunk_size (default 64KB) parameters for controlling how much data is examined. (#314, @​bysiber)
• Encoding era preference tie-breaking: When multiple encodings have very close confidence scores, the detector now prefers more modern/Unicode encodings over legacy ones.
• Charset metadata registry: New chardet.metadata.charsets module provides structured metadata about all supported encodings, including their era classification and language filter.
• should_rename_legacy now defaults intelligently: When set to None (the new default), legacy renaming is automatically enabled when encoding_era is MODERN_WEB.
• Direct GB18030 support: Replaced the redundant GB2312 prober with a proper GB18030 prober.
• EBCDIC detection: Added CP037 and CP500 EBCDIC model registrations for mainframe encoding detection.
• Binary file detection: Added basic binary file detection to abort analysis earlier on non-text files.
• Python 3.12, 3.13, and 3.14 support (#283, @​hugovk; #311)
• GitHub Codespace support (#312, @​oxygen-dioxide)

Fixes

• Fix CP949 state machine: Corrected the state machine for Korean CP949 encoding detection. (#268, @​nenw)
• Fix SJIS distribution analysis: Fixed SJISDistributionAnalysis discarding valid second-byte range >= 0x80. (#315, @​bysiber)
• Fix UTF-16/32 detection for non-ASCII-heavy text: Improved detection of UTF-16/32 encoded CJK and other non-ASCII text by adding a MIN_RATIO threshold alongside the existing EXPECTED_RATIO.
• Fix get_charset crash: Resolved a crash when looking up unknown charset names.
• Fix GB18030 char_len_table: Corrected the character length table for GB18030 multi-byte sequences.
• Fix UTF-8 state machine: Updated to be more spec-compliant.
• Fix detect_all() returning inactive probers: Results from probers that determined "definitely not this encoding" are now excluded.
• Fix early cutoff bug: Resolved an issue where detection could terminate prematurely.
• Default UTF-8 fallback: If UTF-8 has not been ruled out and nothing else is above the minimum threshold, UTF-8 is now returned as the default.

Breaking changes

• Dropped Python 3.7, 3.8, and 3.9 support: Now requires Python 3.10+. (#283, @​hugovk)
• Removed Latin1Prober and MacRomanProber: These special-case probers have been replaced by the unified model-based approach described above. Latin-1, MacRoman, and all other single-byte encodings are now detected by SingleByteCharSetProber with trained language models, giving better accuracy and language identification.
• Removed EUC-TW support: EUC-TW encoding detection has been removed as it is extremely rare in practice.
• LanguageFilter.NONE removed: Use specific language filters or LanguageFilter.ALL instead.
• Enum types changed: InputState, ProbingState, MachineState, SequenceLikelihood, and CharacterCategory are now IntEnum (previously plain classes or Enum). LanguageFilter values changed from hardcoded hex to auto().
• detect() default behavior change: detect() now defaults to encoding_era=EncodingEra.MODERN_WEB and should_rename_legacy=None (auto-enabled for MODERN_WEB), whereas previously it defaulted to considering all encodings with no legacy renaming.

Misc changes

• Switched from Poetry/setuptools to uv + hatchling: Build system modernized with hatch-vcs for version management.

... (truncated)

Commits

• 2fa72d8 Update version to 6.0.0.post1
• 8a4636b docs: modernize usage examples and reorganize table of contents
• 20da71e docs: fix copyright start year and remove first-person reference
• b45ae91 docs: update copyright to 2015-2026 chardet contributors
• 3f9910d Add .readthedocs.yaml to fix RTD builds
• 7ef7cd0 Fix pyright type errors in chardetect.py and test.py
• 4025dfa Update documentation for 6.0.0 release
• 1170829 Add LEGACY_REGIONAL encoding era and reclassify misplaced encodings
• 19379ac Add --encoding-era CLI flag and improve heuristic selection
• 61308e2 Pre-release fixes: bump to 6.0.0, fix get_charset crash, cleanup
• Additional commits viewable in compare view

Updates cryptography from 44.0.1 to 46.0.5

Changelog

Sourced from cryptography's changelog.

46.0.5 - 2026-02-10

* An attacker could create a malicious public key that reveals portions of your
  private key when using certain uncommon elliptic curves (binary curves).
  This version now includes additional security checks to prevent this attack.
  This issue only affects binary elliptic curves, which are rarely used in
  real-world applications. Credit to **XlabAI Team of Tencent Xuanwu Lab and
  Atuin Automated Vulnerability Discovery Engine** for reporting the issue.
  **CVE-2026-26007**
* Support for ``SECT*`` binary elliptic curves is deprecated and will be
  removed in the next release.
.. v46-0-4:
46.0.4 - 2026-01-27

• Dropped support for win_arm64 wheels_.
• Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.5.

.. _v46-0-3:

46.0.3 - 2025-10-15

* Fixed compilation when using LibreSSL 4.2.0.
.. _v46-0-2:
46.0.2 - 2025-09-30

• Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.4.

.. _v46-0-1:

46.0.1 - 2025-09-16

* Fixed an issue where users installing via ``pip`` on Python 3.14 development
  versions would not properly install a dependency.
* Fixed an issue building the free-threaded macOS 3.14 wheels.
.. _v46-0-0:
46.0.0 - 2025-09-16

• BACKWARDS INCOMPATIBLE: Support for Python 3.7 has been removed.

... (truncated)

Commits

• 06e120e bump version for 46.0.5 release (#14289)
• 0eebb9d EC check key on cofactor > 1 (#14287)
• bedf6e1 fix openssl version on 46 branch (#14220)
• e6f44fc bump for 46.0.4 and drop win arm64 due to CI issues (#14217)
• c0af4dd release 46.0.3 (#13681)
• 99efe5a bump version for 46.0.2 (#13531)
• e735cfc release 46.0.1 (#13450)
• 4e457ff Explicitly specify python in mac uv build invocation (#13447)
• 2726efd Depend on CFFI 2.0.0 or newer on Python > 3.8 (#13448)
• 6223062 release 46.0.0 (#13446)
• Additional commits viewable in compare view

Updates idna from 3.10 to 3.11

Changelog

Sourced from idna's changelog.

3.11 (2025-10-12)

• Update to Unicode 16.0.0, including significant changes to UTS46 processing. As a result of Unicode ending support for it, transitional processing no longer has an effect and returns the same result.
• Add support for Python 3.14, lowest supported version is Python 3.8.
• Various updates to packaging, including PEP 740 support.

Commits

• ad949ee Release v3.11
• cae4ba7 Second release candidate for 3.11
• 8adb305 Add space in RST link
• 74cb2b6 Release candidate for 3.11
• 05dab09 Format idna-data with ruff
• 90eac78 Apply ruff formatting
• a31ce7e Remove errant test vectors
• 81f0333 Omit vectors known to be broken in test suite
• a0f3257 Merge branch 'master' into unicode-16-uts46-changes
• 38d9886 Remove extra UTS46 test vector
• Additional commits viewable in compare view

Updates jsonschema from 4.23.0 to 4.26.0

Release notes

Sourced from jsonschema's releases.

v4.26.0

What's Changed

• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in python-jsonschema/jsonschema#1400
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in python-jsonschema/jsonschema#1405
• Bump astral-sh/setup-uv from 6.5.0 to 6.6.0 by @​dependabot[bot] in python-jsonschema/jsonschema#1406
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in python-jsonschema/jsonschema#1407
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in python-jsonschema/jsonschema#1413
• Bump astral-sh/setup-uv from 6.6.0 to 6.6.1 by @​dependabot[bot] in python-jsonschema/jsonschema#1412
• Bump pypa/gh-action-pypi-publish from 1.12.4 to 1.13.0 by @​dependabot[bot] in python-jsonschema/jsonschema#1410
• Bump softprops/action-gh-release from 2.3.2 to 2.3.3 by @​dependabot[bot] in python-jsonschema/jsonschema#1409
• Bump actions/setup-python from 5 to 6 by @​dependabot[bot] in python-jsonschema/jsonschema#1411
• validators: avoid urllib.request at import-time by @​gudnimg in python-jsonschema/jsonschema#1416
• Bump astral-sh/setup-uv from 6.6.1 to 6.8.0 by @​dependabot[bot] in python-jsonschema/jsonschema#1417
• Bump softprops/action-gh-release from 2.3.3 to 2.3.4 by @​dependabot[bot] in python-jsonschema/jsonschema#1418
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in python-jsonschema/jsonschema#1415
• Bump softprops/action-gh-release from 2.3.4 to 2.4.1 by @​dependabot[bot] in python-jsonschema/jsonschema#1419
• Bump github/codeql-action from 3 to 4 by @​dependabot[bot] in python-jsonschema/jsonschema#1420
• Bump astral-sh/setup-uv from 6.8.0 to 7.1.0 by @​dependabot[bot] in python-jsonschema/jsonschema#1421
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in python-jsonschema/jsonschema#1424
• Bump astral-sh/setup-uv from 7.1.0 to 7.1.1 by @​dependabot[bot] in python-jsonschema/jsonschema#1423
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in python-jsonschema/jsonschema#1425
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in python-jsonschema/jsonschema#1429
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in python-jsonschema/jsonschema#1431
• Bump softprops/action-gh-release from 2.4.1 to 2.4.2 by @​dependabot[bot] in python-jsonschema/jsonschema#1432
• Bump astral-sh/setup-uv from 7.1.1 to 7.1.2 by @​dependabot[bot] in python-jsonschema/jsonschema#1430
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in python-jsonschema/jsonschema#1434
• Bump astral-sh/setup-uv from 7.1.2 to 7.1.4 by @​dependabot[bot] in python-jsonschema/jsonschema#1435
• Bump actions/checkout from 5 to 6 by @​dependabot[bot] in python-jsonschema/jsonschema#1436
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in python-jsonschema/jsonschema#1437
• Bump softprops/action-gh-release from 2.4.2 to 2.5.0 by @​dependabot[bot] in python-jsonschema/jsonschema#1438
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in python-jsonschema/jsonschema#1439
• Document uuid format by @​sim642 in python-jsonschema/jsonschema#1440
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in python-jsonschema/jsonschema#1441
• Bump astral-sh/setup-uv from 7.1.4 to 7.1.6 by @​dependabot[bot] in python-jsonschema/jsonschema#1442
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in python-jsonschema/jsonschema#1443

New Contributors

• @​gudnimg made their first contribution in python-jsonschema/jsonschema#1416
• @​sim642 made their first contribution in python-jsonschema/jsonschema#1440

Full Changelog: python-jsonschema/jsonschema@v4.25.1...v4.26.0

v4.25.1

What's Changed

• Fix Validator protocol init to match runtime by @​sirosen in python-jsonschema/jsonschema#1396

... (truncated)

Changelog

Sourced from jsonschema's changelog.

v4.26.0

• Decrease import time by delaying importing of urllib.request (#1416).

v4.25.1

• Fix an incorrect required argument in the Validator protocol's type annotations (#1396).

v4.25.0

• Add support for the iri and iri-reference formats to the format-nongpl extra via the MIT-licensed rfc3987-syntax. They were alread supported by the format extra. (#1388).

v4.24.1

• Properly escape segments in ValidationError.json_path (#139).

v4.24.0

• Fix improper handling of unevaluatedProperties in the presence of additionalProperties (#1351).
• Support for Python 3.8 has been dropped, as it is end-of-life.

Commits

• a727743 Add a changelog entry for 4.26.
• 6d28c13 Update the lockfile.
• 739499e Update pre-commit hooks.
• cb2d779 Merge pull request #1443 from python-jsonschema/pre-commit-ci-update-config
• e6bbbb7 [pre-commit.ci] pre-commit autoupdate
• d56037a Merge pull request #1442 from python-jsonschema/dependabot/github_actions/ast...
• e54ce13 Bump astral-sh/setup-uv from 7.1.4 to 7.1.6
• 1f7c9fb Partially update docs requirements.
• 241aec9 Merge pull request #1441 from python-jsonschema/pre-commit-ci-update-config
• 2818efb Apache-2.0 -> nongpl
• Additional commits viewable in compare view

Updates markdown from 3.7 to 3.10.2

Release notes

Sourced from markdown's releases.

Release 3.10.2

Fixed

• Fix a regression related to comment handling (#1590).
• More reliable fix for </ (#1593).

Release 3.10.1

Fixed

• Ensure nested elements inside inline comments are properly unescaped (#1571).
• Make the docs build successfully with mkdocstrings-python 2.0 (#1575).
• Fix infinite loop when multiple bogus or unclosed HTML comments appear in input (#1578).
• Fix another infinite loop when handling bad comments (#1586).

Release 3.10.0

Changed

• Officially support Python 3.14 and PyPy 3.11 and drop support for Python 3.9 and PyPy 3.9.

Fixed

• Fix an HTML comment parsing case in some Python versions that can cause an infinite loop (#1554).
• Revert the default behavior of USE_DEFINITION_ORDER (to True). The new behavior introduced in 3.9.0 is experimental and results are inconsistent. It should not have been made the default behavior (#1561).

Release 3.9.0

Changed

• Footnotes are now ordered by the occurrence of their references in the document. A new configuration option for the footnotes extension, USE_DEFINITION_ORDER, has been added to support restoring the previous behavior of ordering footnotes by the occurrence of definitions (#1367).

Fixed

• Ensure inline processing iterates through elements in document order (#1546).
• Fix handling of incomplete HTML tags in code spans in Python 3.14 (#1547).

Release 3.8.2

Fixed

• Fix codecs deprecation in Python 3.14.
• Fix issue with unclosed comment parsing in Python 3.14.
• Fix issue with unclosed declarations in Python 3.14.
• Fix issue with unclosed HTML tag <foo and Python 3.14.

Release 3.8.1

... (truncated)

Changelog

Sourced from markdown's changelog.

[3.10.2] - 2026-02-09

Fixed

• Fix a regression related to comment handling (#1590).
• More reliable fix for </ (#1593).

[3.10.1] - 2026-01-21

Fixed

• Ensure nested elements inside inline comments are properly unescaped (#1571).
• Make the docs build successfully with mkdocstrings-python 2.0 (#1575).
• Fix infinite loop when multiple bogus or unclosed HTML comments appear in input (#1578).
• Fix another infinite loop when handling bad comments (#1586).

[3.10.0] - 2025-11-03

Changed

• Officially support Python 3.14 and PyPy 3.11 and drop support for Python 3.9 and PyPy 3.9.

Fixed

• Fix an HTML comment parsing case in some Python versions that can cause an infinite loop (#1554).
• Revert the default behavior of USE_DEFINITION_ORDER (to True). The new behavior introduced in 3.9.0 is experimental and results are inconsistent. It should not have been made the default behavior (#1561).

[3.9.0] - 2025-09-04

Changed

• Footnotes are now ordered by the occurrence of their references in the document. A new configuration option for the footnotes extension, USE_DEFINITION_ORDER, has been added to support restoring the previous behavior of ordering footnotes by the occurrence of definitions (#1367).

Fixed

• Ensure inline processing iterates through elements in document order (#1546).
• Fix handling of incomplete HTML tags in code spans in Python 3.14 (#1547).

[3.8.2] - 2025-06-19

Fixed

• Fix codecs deprecation in Python 3.14 (#1537).

... (truncated)

Commits

• e7a0efb Bump version to 3.10.2
• 6301833 Document HTML sanitation policy
• 7f29f1a More reliable fix for </
• c438647 Fix regression of special comments
• e5fa5b8 Bump version to 3.10.1
• f925349 More HTML fixes
• 9933a0a Revert "Allow reference links with backticks"
• 07dfa4e Allow reference links with backticks
• fb6b27a Fix infinite loop when text contains multiple unclosed comments
• 89112c2 Make the docs build successfully with mkdocstrings-python 2.0
• Additional commits viewable in compare view

Updates markupsafe from 3.0.2 to 3.0.3

Release notes

Sourced from markupsafe's releases.

3.0.3

This is the MarkupSafe 3.0.3 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/MarkupSafe/3.0.3/ Changes: https://markupsafe.palletsprojects.com/page/changes/#version-3-0-3 Milestone: https://github.com/pallets/markupsafe/milestone/15?closed=1

• __version__ raises DeprecationWarning instead of UserWarning. #487
• Adopt multi-phase initialization PEP 489 for the C extension. #494
• Build Windows ARM64 wheels. #485
• Build Python 3.14 wheels. #503
• Build riscv64 wheels. #505

Changelog

Sourced from markupsafe's changelog.

Version 3.0.3

Released 2025-09-27

• __version__ raises DeprecationWarning instead of UserWarning. :issue:487
• Adopt multi-phase initialisation (:pep:489) for the C extension. :issue:494
• Build Windows ARM64 wheels. :issue:485
• Build Python 3.14 wheels. :issue:503
• Build riscv64 wheels. :issue:505

Commits

• 297fc8e release version 3.0.3
• 7e4e6ce Free-threading: run with pytest-run-paralell (#507)
• 6100b9c enable riscv64 wheels (#506)
• c9d5ecf enable riscv64 wheels
• 2f9b337 tox for 3.14
• 78d951a update dev dependencies
• bb6744e add entry
• 65c4134 upgrade cibuildwheel, add cp314 wheels and test on CPython 3.14 (#504)
• 3a9bd88 add cp314 wheels
• aafe44d remove slsa provenance (#501)
• Additional commits viewable in compare view

Updates networkx from 3.4.2 to 3.6.1

Release notes

Sourced from networkx's releases.

NetworkX 3.6.1

networkx 3.6.1

We're happy to announce the release of networkx 3.6.1!

API Changes

• Add spectral bipartition community finding and greedy bipartition using node swaps (#8347).

Enhancements

• Nodelists for from_biadjacency_matrix (#7993).
• Add spectral bipartition community finding and greedy bipartition using node swaps (#8347).
• Fix draw_networkx_nodes with list node_shape and add regression test (#8363).

Bug Fixes

• Fix: allow graph subclasses to have additional arguments (#8369).

Documentation

• DOC: Improve benchmarking readme (#8358).
• DOC: More details re: RC releases in the release process devdocs (#8346).
• DOC: clarify difference between G.nodes/G.nodes() and G.edges/G.edges() in tutorial (#8300).
• DOC: Add blurb to contributor guide about drawing tests (#8370).
• DOC: Fix underline lens in docstrings (#8371).
• Rolling back shortest paths links (#8373).

Maintenance

• MAINT: Replace string literal with comment (#8359).
• Bump actions/checkout from 5 to 6 in the actions group (#8360).
• pin python 3.14 to be version 3.14.0 until dataclasses are fixed (#8365).
• Blocklist Python 3.14.1 (#8372).

Other

• TST: add tests for unsupported graph types in MST algorithms (#8353).
• TST: clean up isomorphism tests (#8364).

Contributors

10 authors added to this release (alphabetically):

• @​Aka2210
• @​jfinkels
• @​NaorTIRAM
• Aditi Juneja (@​Schefflera-Arboricola)
• Alejandro Candioti (@​amcandio)
• Colman Bouton (@​LorentzFactor)

... (truncated)

Commits

• 7530809 Designate 3.6.1 release
• 4788eb0 Rolling back shortest paths links (#8373)
• 696edb6 Fix draw_networkx_nodes with list node_shape and add regression test (#8363)
• c38830c Blocklist Python 3.14.1 (#8372)
• 81d2311 DOC: Fix underline lens in docstrings. (#8371)
• a6e2bfa DOC: Add blurb to contributor guide ...

  Description has been truncated