Build(deps): Bump the pip-dependencies group across 1 directory with 37 updates

[dependabot]

Updates the requirements on alembic, beautifulsoup4, certifi, charset-normalizer, click, flask, google-auth, google-auth-oauthlib, greenlet, idna, importlib-metadata, importlib-resources, kombu, mako, markupsafe, pillow, pyasn1, pytest, python-dotenv, requests, soupsieve, sqlalchemy, urllib3, wcwidth, websocket-client, wsproto, werkzeug, zipp, celery, wtforms, jsonschema, flask-admin, psycopg2-binary, flask-jwt-extended, flask-cors, openai and psutil to permit the latest version.
Updates alembic from 1.16.5 to 1.18.4

Release notes

Sourced from alembic's releases.

1.18.4

Released: February 10, 2026

bug

• [bug] [operations] Reverted the behavior of Operations.add_column() that would automatically render the "PRIMARY KEY" keyword inline when a Column with primary_key=True is added. The automatic behavior, added in version 1.18.2, is now opt-in via the new Operations.add_column.inline_primary_key parameter. This change restores the ability to render a PostgreSQL SERIAL column, which is required to be primary_key=True, while not impacting the ability to render a separate primary key constraint. This also provides consistency with the Operations.add_column.inline_references parameter and gives users explicit control over SQL generation.

  To render PRIMARY KEY inline, use the Operations.add_column.inline_primary_key parameter set to True:

  op.add_column( "my_table", Column("id", Integer, primary_key=True), inline_primary_key=True )References: #1232

1.18.3

Released: January 29, 2026

bug

• [bug] [autogenerate] Fixed regression in version 1.18.0 due to #1771 where autogenerate would raise NoReferencedTableError when a foreign key constraint referenced a table that was not part of the initial table load, including tables filtered out by the EnvironmentContext.configure.include_name callable or tables in remote schemas that were not included in the initial reflection run.

  The change in #1771 was a performance optimization that eliminated additional reflection queries for tables that were only referenced by foreign keys but not explicitly included in the main reflection run. However, this optimization inadvertently removed the creation of Table objects for these referenced tables, causing autogenerate to fail when processing foreign key constraints that pointed to them.

  The fix creates placeholder Table objects for foreign key targets

... (truncated)

Commits

• See full diff in compare view

Updates beautifulsoup4 from 4.13.5 to 4.15.0

Updates certifi from 2025.10.5 to 2026.5.20

Commits

• d7ea151 2026.05.20 (#413)
• 5dddfb0 2026.04.22 (#410)
• f99eccd Bump peter-evans/create-pull-request from 8.1.0 to 8.1.1 (#404)
• 918bed0 Bump actions/upload-artifact from 7.0.0 to 7.0.1 (#405)
• 0a49067 Bump pypa/gh-action-pypi-publish from 1.13.0 to 1.14.0 (#403)
• acf6ce8 Bump actions/download-artifact from 8.0.0 to 8.0.1 (#398)
• feb0ed2 Bump actions/download-artifact from 7.0.0 to 8.0.0 (#397)
• d9c11a5 Bump actions/upload-artifact from 6.0.0 to 7.0.0 (#396)
• 8571a4b 2026.02.25 (#395)
• 6f7de00 Bump peter-evans/create-pull-request from 8.0.0 to 8.1.0 (#390)
• Additional commits viewable in compare view

Updates charset-normalizer from 3.4.3 to 3.4.7

Release notes

Sourced from charset-normalizer's releases.

Version 3.4.7

3.4.7 (2026-04-02)

Changed

• Pre-built optimized version using mypy[c] v1.20.
• Relax setuptools constraint to setuptools>=68,<82.1.

Fixed

• Correctly remove SIG remnant in utf-7 decoded string. (#718) (#716)

Version 3.4.6

3.4.6 (2026-03-15)

Changed

• Flattened the logic in charset_normalizer.md for higher performance. Removed eligible(..) and feed(...) in favor of feed_info(...).
• Raised upper bound for mypy[c] to 1.20, for our optimized version.
• Updated UNICODE_RANGES_COMBINED using Unicode blocks v17.

Fixed

• Edge case where noise difference between two candidates can be almost insignificant. (#672)
• CLI --normalize writing to wrong path when passing multiple files in. (#702)

Misc

• Freethreaded pre-built wheels now shipped in PyPI starting with 3.14t. (#616)

Version 3.4.5

3.4.5 (2026-03-06)

Changed

• Update setuptools constraint to setuptools>=68,<=82.
• Raised upper bound of mypyc for the optional pre-built extension to v1.19.1

Fixed

• Add explicit link to lib math in our optimized build. (#692)
• Logger level not restored correctly for empty byte sequences. (#701)
• TypeError when passing bytearray to from_bytes. (#703)

Misc

• Applied safe micro-optimizations in both our noise detector and language detector.
• Rewrote the query_yes_no function (inside CLI) to avoid using ambiguous licensed code.
• Added cd.py submodule into mypyc optional compilation to reduce further the performance impact.

[!WARNING]
mypyc changed the usual binary output for the optimized wheel. Beware, especially if using PyInstaller or alike. See jawah/charset_normalizer#714

Version 3.4.4

3.4.4 (2025-10-13)

Changed

... (truncated)

Changelog

Sourced from charset-normalizer's changelog.

3.4.7 (2026-04-02)

Changed

• Pre-built optimized version using mypy[c] v1.20.
• Relax setuptools constraint to setuptools>=68,<82.1.

Fixed

• Correctly remove SIG remnant in utf-7 decoded string. (#718) (#716)

3.4.6 (2026-03-15)

Changed

• Flattened the logic in charset_normalizer.md for higher performance. Removed eligible(..) and feed(...) in favor of feed_info(...).
• Raised upper bound for mypy[c] to 1.20, for our optimized version.
• Updated UNICODE_RANGES_COMBINED using Unicode blocks v17.

Fixed

• Edge case where noise difference between two candidates can be almost insignificant. (#672)
• CLI --normalize writing to wrong path when passing multiple files in. (#702)

Misc

• Freethreaded pre-built wheels now shipped in PyPI starting with 3.14t. (#616)

3.4.5 (2026-03-06)

Changed

• Update setuptools constraint to setuptools>=68,<=82.
• Raised upper bound of mypyc for the optional pre-built extension to v1.19.1

Fixed

• Add explicit link to lib math in our optimized build. (#692)
• Logger level not restored correctly for empty byte sequences. (#701)
• TypeError when passing bytearray to from_bytes. (#703)

Misc

• Applied safe micro-optimizations in both our noise detector and language detector.
• Rewrote the query_yes_no function (inside CLI) to avoid using ambiguous licensed code.
• Added cd.py submodule into mypyc optional compilation to reduce further the performance impact.

3.4.4 (2025-10-13)

Changed

• Bound setuptools to a specific constraint setuptools>=68,<=81.
• Raised upper bound of mypyc for the optional pre-built extension to v1.18.2

Removed

• setuptools-scm as a build dependency.

Misc

... (truncated)

Commits

• 0f07891 Merge pull request #729 from jawah/release-3.4.7
• fdbeb29 chore: update dev, and ci requirements
• b66f922 chore: add ft classifier
• f94249d chore: add test cases for utf_7 recent fix
• 95c866f chore: bump version to 3.4.7
• 4f429bb chore: bump mypy pre-commit to v1.20
• b579cd6 fix: correctly remove SIG remnant in utf-7 decoded string
• 58bf944 ⬆️ Bump github/codeql-action from 4.32.4 to 4.35.1 (#728)
• 44cf8a1 ⬆️ Bump actions/download-artifact from 8.0.0 to 8.0.1 (#726)
• 362bc20 ⬆️ Bump docker/setup-qemu-action from 3.7.0 to 4.0.0 (#725)
• Additional commits viewable in compare view

Updates click from 8.1.8 to 8.4.1

Release notes

Sourced from click's releases.

8.4.1

This is the Click 8.4.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/click/8.4.1/ Changes: https://click.palletsprojects.com/page/changes/#version-8-4-1 Milestone: https://github.com/pallets/click/milestone/32?closed=1

• get_parameter_source() is available during eager callbacks and type conversion again. #3458 #3484
• Zsh completion scripts parse correctly on Windows. #3277 # 3466
• Shell completion of Choice Enum values produces a valid completion result. #3015
• Fix empty byte-string handling in echo. #3487
• Fix closed file error with echo_via_pager. #3449

8.4.0

This is the Click 8.4.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecation, or introduce potentially breaking changes.

We encourage everyone to upgrade. You can read more about our Version Support Policy on our website.

PyPI: https://pypi.org/project/click/8.4.0/ Changes: https://click.palletsprojects.com/page/changes/#version-8-4-0 Milestone https://github.com/pallets/click/milestone/30

• ParamType typing improvements. #3371

  • :class:ParamType is now a generic abstract base class, parameterized by its converted value type.
  • :meth:~ParamType.convert return types are narrowed on all concrete types (str for :class:STRING, int for :class:INT, etc.).
  • :meth:~ParamType.to_info_dict returns specific :class:~typing.TypedDict subclasses instead of dict[str, Any].
  • :class:CompositeParamType and the number-range base are now generic with abstract methods.

• Refactor convert_type to extract type inference into a private _guess_type helper, and add :func:typing.overload signatures. #3372

• Parameter typing improvements. #2805

  • :class:Parameter is now an abstract base class, making explicit that it cannot be instantiated directly.
  • :attr:Parameter.name is now str instead of str | None. When expose_value=False, the name is set to "" instead of None.
  • The ctx parameter of :meth:Parameter.get_error_hint is now typed as Context | None, matching the runtime behavior.

• Split string values from default_map for parameters with nargs > 1 or :class:Tuple type, matching environment variable behavior.

... (truncated)

Changelog

Sourced from click's changelog.

Version 8.4.1

Released 2026-05-21

• get_parameter_source() is available during eager callbacks and type conversion again. {issue}3458 {pr}3484
• Zsh completion scripts parse correctly on Windows. {issue}3277 {pr}3466
• Shell completion of Enum values used as Choice options produces a valid completion result. {issue}3015 {pr}3471
• Fix empty byte-string handling in echo. {issue}3487 {pr}3493
• Fix closed file error with echo_via_pager. {issue}3449 {pr}3482
• Fix open_url on Windows when the file path contains spaces. {issue}2994 {pr}3478

Version 8.4.0

Released 2026-05-17

• {class}ParamType typing improvements. {pr}3371

  • {class}ParamType is now a generic abstract base class, parameterized by its converted value type.
  • {meth}~ParamType.convert return types are narrowed on all concrete types (str for {class}STRING, int for {class}INT, etc.).
  • {meth}~ParamType.to_info_dict returns specific {class}~typing.TypedDict subclasses instead of dict[str, Any].
  • {class}CompositeParamType and the number-range base are now generic with abstract methods.

• Refactor convert_type to extract type inference into a private _guess_type helper, and add {func}typing.overload signatures. {pr}3372

• {class}Parameter typing improvements. {pr}2805

  • {class}Parameter is now an abstract base class, making explicit that it cannot be instantiated directly.
  • {attr}Parameter.name is now str instead of str | None. When expose_value=False, the name is set to "" instead of None.
  • The ctx parameter of {meth}Parameter.get_error_hint is now typed as Context | None, matching the runtime behavior.

• Split string values from default_map for parameters with nargs > 1 or {class}Tuple type, matching environment variable behavior. {issue}2745 {pr}3364

• Auto-detect type=UNPROCESSED for flag_value of non-basic types

... (truncated)

Commits

• 6eeb50e release version 8.4.1
• 67921d5 change log and doc fixes (#3495)
• 9c41f46 Fix changelog and version admonitions
• 6cb3477 fix skip condition
• 5ee8e31 fix I/O operation on closed file error with CliRunner and echo_via_pager (#3482)
• becbde5 pager doesn't close std streams
• a5f5aa6 Handle empty bytes in echo (#3493)
• 4d3db84 handle empty bytes in echo
• d42f15b Fix get_parameter_source() during type conversion and eager callbacks (#3484)
• 0baa8db Document ctx.params bypass with test and doc
• Additional commits viewable in compare view

Updates flask from 3.1.2 to 3.1.3

Release notes

Sourced from flask's releases.

3.1.3

This is the Flask 3.1.3 security fix release, which fixes a security issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Flask/3.1.3/ Changes: https://flask.palletsprojects.com/page/changes/#version-3-1-3

• The session is marked as accessed for operations that only access the keys but not the values, such as in and len. GHSA-68rp-wp8r-4726

Changelog

Sourced from flask's changelog.

Version 3.1.3

Released 2026-02-18

• The session is marked as accessed for operations that only access the keys but not the values, such as in and len. :ghsa:68rp-wp8r-4726

Commits

• 22d9247 release version 3.1.3
• 089cb86 Merge commit from fork
• c17f379 request context tracks session access
• 27be933 start version 3.1.3
• 4e652d3 Abort if the instance folder cannot be created (#5903)
• 3d03098 Abort if the instance folder cannot be created
• 407eb76 document using gevent for async (#5900)
• ac5664d document using gevent for async
• 4f79d5b Increase required flit_core version to 3.11 (#5865)
• fe3b215 Increase required flit_core version to 3.11
• Additional commits viewable in compare view

Updates google-auth from 2.40.3 to 2.53.0

Release notes

Sourced from google-auth's releases.

v2.49.0.dev0

2.49.0-dev0 (2026-01-26)

Bug Fixes

• remove deprecated rsa dependency (e98cf69284d3620619a70b54fb0b9533caf11878)

google-auth 2.48.0

2.48.0 (2026-01-21)

Features

• honor NO_GCE_CHECK environment variable (#1610) (383c9827)

• add configurable GCE Metadata Server retries (#1488) (454b441b)

• add cryptography as required dependency (#1929) (52558ae2)

• Support the mTLS IAM domain for Certificate based Access (#1938) (8dcf91a1)

Bug Fixes

• resolve circular imports (#1942) (25c1b064)

• Use user_verification=preferred for ReAuth WebAuthn challenge (#1798) (3f88a240)

• removes content-header from AWS IMDS get request (#1934) (97bfea9e)

• detect correct auth when ADC env var is set but empty (#1374) (bfc07e10)

• replace deprecated utcfromtimestamp (#1799) (e431f20c)

v2.48.0rc0

2.48.0rc0 (2026-01-20)

Features

• honor NO_GCE_CHECK environment variable (#1610) (383c98)
• add configurable GCE Metadata Server retries (#1488) (454b44)
• support mTLS IAM domain for Certificate based Access (#1938) (8dcf91)
• add cryptography as required dependency (#1929) (52558a)

Bug Fixes

• Use user_verification=preferred for ReAuth WebAuthn challenge (#1798) (3f88a2)
• replace deprecated utcfromtimestamp (#1799) (e431f2)
• detect correct auth when ADC env var is set by empty (#1374) (bfc07e)
• removed content-header from AWS IMDS (#1934) (97bfea)

... (truncated)

Changelog

Sourced from google-auth's changelog.

Changelog

PyPI History

2.48.0 (2026-01-22)

Features

• add cryptography as required dependency (#1929) (52558ae2881b1e6555f6f5c0d76365c15807ead9)
• Support the mTLS IAM domain for Certificate based Access (#1938) (8dcf91a1b05c85fbbd0bcee78d66e498099102ab)
• add configurable GCE Metadata Server retries (#1488) (454b441b478ec62bbf1a6ad5bceb6c7cbbfd0c37)
• honor NO_GCE_CHECK environment variable (#1610) (383c9827536d9376e8248370ce4c2b83e468d027)

Bug Fixes

• resolve circular imports (#1942) (25c1b064545702cbef087cfcd15fbbb6ef1af74f)
• removes content-header from AWS IMDS get request (#1934) (97bfea9e02ede953fc8ee154e0deed3a3cfc6dcc)
• detect correct auth when ADC env var is set but empty (#1374) (bfc07e1050bd0aa86fa3b08cdf70c9b68b5fe6a2)
• replace deprecated utcfromtimestamp (#1799) (e431f20cf73ccac71926a23ec454468cea92e053)
• Use user_verification=preferred for ReAuth WebAuthn challenge (#1798) (3f88a24089c4ee6822d510de0db210b54260d873)

2.47.0 (2026-01-06)

Features

• drop cachetools dependency in favor of simple local implementation (#1590) (5c07e1c4f52bc77a1b16fa3b7b3c5269c242f6f4)

Bug Fixes

• Python 3.8 support (#1918) (60dc20014a35ec4ba71e8065b9a33ecbdbeca97a)

2.46.0 (2026-01-05)

Documentation

• update urllib3 docstrings for v2 compatibility (#1903) (3f1aeea2d1014ea1d244a4c3470e52d74d55404b)

Features

• Recognize workload certificate config in has_default_client_cert_source for mTLS for Agentic Identities (#1907) (0b9107d573123e358c347ffa067637f992af61b4)

... (truncated)

Commits

• See full diff in compare view

Updates google-auth-oauthlib from 1.2.2 to 1.4.0

Release notes

Sourced from google-auth-oauthlib's releases.

google-shopping-merchant-promotions: v1.4.0

v1.4.0 (2026-06-02)

google-shopping-merchant-ordertracking: v1.4.0

v1.4.0 (2026-06-02)

google-shopping-merchant-notifications: v1.4.0

v1.4.0 (2026-06-02)

google-shopping-merchant-lfp: v1.4.0

v1.4.0 (2026-06-02)

google-shopping-merchant-issueresolution: v1.4.0

v1.4.0 (2026-06-02)

google-shopping-merchant-conversions: v1.4.0

v1.4.0 (2026-06-02)

Changelog

Sourced from google-auth-oauthlib's changelog.

1.4.0 (2022-01-28)

Features

• add syntax highlighting support for Markdown pages (#170) (9898807)

1.3.3 (2021-11-29)

Bug Fixes

• expand entry names in Overview page to be more descriptive (#159) (7bd6416)

1.3.2 (2021-11-16)

Bug Fixes

• gracefully handle format_code exceptions (#152) (a679ace)

1.3.1 (2021-11-15)

Bug Fixes

• resolve square bracketed references (#146) (fa049ac)

1.3.0 (2021-11-15)

Features

• format signature using black (#144) (4462b93)

1.2.0 (2021-10-05)

Features

• find more items to cross reference (#138) (a0f82dd)

1.1.2 (2021-09-14)

Bug Fixes

• disambiguate after grouping by packages and versions (#132) (53d68fe)

1.1.1 (2021-08-30)

... (truncated)

Commits

• 3997a10 chore: librarian release pull request: 20260506T163115Z (#16964)
• f655e49 chore: add type annotation to SYNCPOINTS (#16973)
• f149bd7 refactor(bigframes): Modularize compiler routing as proxy executor (#16907)
• 19db82f chore(bigframes): remove leftover support for Python <= 3.9 (#16961)
• 2dedaac chore: test CommonResource resource name alias (#16965)
• 9652a08 fix: pass resource aliases to file-level CommonResources (#16945)
• 78a48b0 fix(google-cloud-core): Drop support for Python 3.9 (#16953)
• 5975c48 fix(dns): Drop support for Python 3.9 (#16954)
• d5bea2e fix(crc32c): Drop support for Python 3.8 and 3.9 (#16955)
• 63f6d96 fix(sqlalchemy-bigquery): Drop support for Python 3.8 and 3.9 (#16956)
• Additional commits viewable in compare view

Updates greenlet from 3.2.4 to 3.5.1

Changelog

Sourced from greenlet's changelog.

3.5.1 (2026-05-20)

• Add preliminary support for Python 3.15b1. This has not been reviewed by CPython core developers, but all tests pass. Binary wheels of this version won't work on earlier Python 3.15 builds and may not work on later 3.15 builds.
• Fix the discrepancy in the way the two getcurrent APIs behave during greenlet teardown. One API (the C API used by, e.g., gevent) raised a RuntimeError; the other (the Python greenlet.getcurrent API) returned None. This second way is incompatible with greenlet's type annotations, so greenlet.getcurrent now raises a RuntimeError as well.

3.5.0 (2026-04-27)

• Remove the atexit callback. This callback caused greenlet APIs to become unavailable far too soon during interpreter shutdown. Now they remain available while all atexit callbacks run. Sometime after Py_IsFinalizing becomes true, they may begin misbehaving. Because the order in which C extensions are finalized is undefined, C extensions that are sensitive to this need to check the results of that function before invoking greenlet APIs. As a convenience, PyGreenlet_GetCurrent sets an exception and returns NULL when this happens (and greenlet.getcurrent begins returning None); other greenlet C API functions have undefined behaviour. Methods invoked directly on pre-existing greenlet.greenlet objects will continue to function at least until the greenlet C extension has been garbage collected and finalized.

  See PR 508 <https://github.com/python-greenlet/greenlet/pull/508>_.

3.4.0 (2026-04-08)

• Publish binary wheels for RiscV 64.

• Fix multiple rare crash paths during interpreter shutdown.

  Note that this now relies on the atexit module, and introduces subtle API changes during interpreter shutdown (for example, getcurrent is no longer available once the atexit callback fires).

  See PR [#499](https://github.com/python-greenlet/greenlet/issues/499) <https://github.com/python-greenlet/greenlet/pull/499>_ by Nicolas Bouvrette.

• Address the results of an automated code audit performed by Daniel Diniz. This includes several minor correctness changes that

... (truncated)

Commits

• b5e5fc4 Preparing release 3.5.1
• c8e1774 Tweak wording in CHANGES about greenlet.getcurrent.
• 7fb10c5 Merge pull request #510 from python-greenlet/315
• 9718ce5 Add Py 3.15; make both API versions of getcurrent() consistent in raising Run...
• 276e08a Merge pull request #509 from python-greenlet/dependabot/github_actions/github...
• 32b0ad6 Bump pypa/gh-action-pypi-publish in the github-actions group
• 173b692 Back to development: 3.5.1
• c7acc72 Preparing release 3.5.0
• d08f99b CHANGES: Update link from #507 to more full description in #508.
• fd3391e Merge pull request #508 from python-greenlet/issue507-remove-atexit
• Additional commits viewable in compare view

Updates idna from 3.10 to 3.18

Changelog

Sourced from idna's changelog.

3.18 (2026-06-02)

• When decoding a domain, add a display argument that will pass through invalid labels rather than raising an exception.

3.17 (2026-05-28)

• Substantial 75% reduction in memory usage through new data structures and some optimization in processing speed.
• Added a general 1024-character input length cap to the public validation, conversion, and codec entry points. This is well above any legitimate domain or label and guards against pathological inputs.

3.16 (2026-05-22)

• Add a command-line interface (python -m idna, also available as the idna script). Encodes or decodes one or more domains supplied as arguments or on standard input, with options to select A-label or U-label output and control error handling.
• Raise the minimum supported Python version to 3.9
• Various code quality improvements

3.15 (2026-05-12)

• Enforce DNS-length cap on individual labels early in check_label, short-circuiting contextual-rule processing for oversized input while staying compatible with UTS 46 usage.
• Tidy core helpers: hoist bidi category sets to module-level frozensets (avoiding per-codepoint list construction), simplify length checks, and reuse the shared _unicode_dots_re from idna.core in the codec module.
• Use raise ... from err for proper exception chaining and switch internal string formatting to f-strings.
• Allow flit_core 4.x in the build backend.
• Expand the ruff lint set (flake8-bugbear, flake8-simplify, pyupgrade, perflint) and apply the surfaced fixes; pin lint CI to Python 3.14.
• Add Dependabot configuration for GitHub Actions.
• Convert README and HISTORY from reStructuredText to Markdown.
• Reference CVE-2026-45409 for the 3.14 advisory in place of the initial GHSA identifier.

Thanks to Felix Yan, Stan Ulbrych, and metsw24-max for contributions to this release.

3.14 (2026-05-10)

• Removed opportunity to process long inputs into quadratic time by rejecting oversize inputs up-front. Closes a bypass

... (truncated)

Commits

• f39ea90 Release 3.18
• 40f4e40 Pre-release 3.18rc0
• 1a5bf80 Merge pull request #253 from kjd/lenient-decode
• 5bbb26f Merge branch 'master' into lenient-decode
• c532bae Rename decode() lenient= option to display= (issue #248)
• 0b1758b Merge pull request #252 from kjd/release-3.17
• f48619c Release 3.17
• 7421ba8 Pre-release 3.17rc0
• 22ebb73 Merge pull request #251 from kjd/structure-optimizations
• 2a7ac0a Drop redundant parallel-arrays comment from uts46data
• Additional commits viewable in compare view

Updates importlib-metadata from 8.7.0 to 9.0.0

Changelog

Sourced from importlib-metadata's changelog.

v9.0.0

Deprecations and Removals

• Added MetadataNotFound (subclass of FileNotFoundError) and updated Distribution.metadata/metadata() to raise it when the metadata files are missing instead of returning Nonepython/cpython#143387#532)

v8.9.0

Features

• python/cpython#110937python/cpython#140141, python/cpython#143658)

v8.8.0

Features

• Removed Python 3.9 compatibility.

v8.7.1

Bugfixes

• Fixed errors in FastPath under fork-multiprocessing. (#520)
• Removed cruft from Python 3.8. (#524)

Commits

• a9f883f Finalize
• 9b0dfdf Raise an exception when no metadata file is found (#532)
• 0f2229c Merge branch 'main' into feature/no-metadata-exception
• 2f4088e Remove news fragments about internal details.
• 0ac2720 Add news fragment.
• a5c2154 Finalize
• e66e226 Drop support for EOL Python 3.9 (#530)
• 6027933 Add news fragment.
• b89388a Import os_helper directly.
• 2dcb761 Add uniform exclusions for test.support.
• Additional commits viewable in compare view

Updates importlib-resources from 6.5.2 to 7.1.0

Changelog

Sourced from importlib-resources's changelog.

v7.1.0

Features

• files() now provides a nicer error when main.spec is None. (#331)

v7.0.0

Deprecations and Removals

• Remove compatibility shim for deprecated parameter package in :func:importlib.resources.files. Patch by Semyon Moroz. (#332)

Commits

• 78c697d Finalize
• 5a2bffc A better error message from importlib.resources.files() when module spec is None
• d80822a Add news fragment.
• 6e2183f Revise the test for clarity and traceability.
• ee94f7c Merge branch 'main' into error-message-none-spec-module
• a542188 Extract method to encapsulate the validation.
• 74f308a Revert unrelated change to wrap_spec.
• c6773a1 Prefer bare asserts. They read better and they render nicer under pytest.
• 935b189 Replace UTF-16 BOM handling with a more direct helper.
• 4049971 Finalize
• Additional commits viewable in compare view

Updates kombu from 5.5.4 to 5.6.2

Release notes

Sourced from kombu's releases.

v5.6....

Description has been truncated