Bump the python group with 2 updates by dependabot[bot] · Pull Request #148 · trailofbits/it-depends

dependabot · 2026-05-01T07:00:14Z

Bumps the python group with 2 updates: pydantic-settings and build.

Updates pydantic-settings from 2.13.1 to 2.14.0

Release notes

Sourced from pydantic-settings's releases.

v2.14.0

What's Changed

Fix parsing env vars into Optional Strict types by @hramezani in pydantic/pydantic-settings#792

Fix RecursionError with mutually recursive models in CLI by @hramezani in pydantic/pydantic-settings#794

Fix env_file from model_config ignored in CliApp.run() (#795) by @hramezani in pydantic/pydantic-settings#796

Update dependencies by @hramezani in pydantic/pydantic-settings#798

Add Dependabot configuration by @hramezani in pydantic/pydantic-settings#801

Bump samuelcolvin/check-python-version from 4.1 to 5 by @dependabot[bot] in pydantic/pydantic-settings#802

Bump actions/upload-artifact from 4 to 7 by @dependabot[bot] in pydantic/pydantic-settings#803

Bump actions/checkout from 4 to 6 by @dependabot[bot] in pydantic/pydantic-settings#804

Bump astral-sh/setup-uv from 5 to 7 by @dependabot[bot] in pydantic/pydantic-settings#805

Bump actions/setup-python from 5 to 6 by @dependabot[bot] in pydantic/pydantic-settings#806

Ignore chardet and group GitHub Actions in Dependabot by @hramezani in pydantic/pydantic-settings#808

Bump actions/download-artifact from 4 to 8 in the github-actions group by @dependabot[bot] in pydantic/pydantic-settings#809

Bump the python-packages group with 2 updates by @dependabot[bot] in pydantic/pydantic-settings#810

Support reading .env files from FIFOs (e.g. 1Password Environments) by @JacobHayes in pydantic/pydantic-settings#776

Fix AliasChoices ignored when changing provider priority by @hramezani in pydantic/pydantic-settings#813

fix: resolve KeyError in run_subcommand for underscore field names by @bradykieffer in pydantic/pydantic-settings#799

Bump the python-packages group with 3 updates by @dependabot[bot] in pydantic/pydantic-settings#814

Fix Literal[numeric Enum] coercion for CLI and env vars by @m9810223 in pydantic/pydantic-settings#811

Fix nested discriminated unions not discovered by env/CLI providers by @hramezani in pydantic/pydantic-settings#816

Bump the python-packages group with 3 updates by @dependabot[bot] in pydantic/pydantic-settings#820

CLI ensure env nested max split internally. by @kschwab in pydantic/pydantic-settings#821

Bump the python-packages group with 4 updates by @dependabot[bot] in pydantic/pydantic-settings#824

Migrate boto3-stubs to types-boto3 by @hramezani in pydantic/pydantic-settings#831

Fix CLI not recognizing field name with validate_by_name and AliasChoices by @hramezani in pydantic/pydantic-settings#826

Allow customisation of the dotevn setting source to filter variables by @CaselIT in pydantic/pydantic-settings#832

Bump the python-packages group with 3 updates by @dependabot[bot] in pydantic/pydantic-settings#833

Introduce yamlfmt by @Viicos in pydantic/pydantic-settings#836

Bump boto3 from 1.42.82 to 1.42.83 in the python-packages group by @dependabot[bot] in pydantic/pydantic-settings#837

Introduce zizmor by @Viicos in pydantic/pydantic-settings#838

Fix CliPositionalArg[list[CustomType]] crash for custom types by @hramezani in pydantic/pydantic-settings#839

Add note about Mypy plugin for BaseSettings.__init__() by @Viicos in pydantic/pydantic-settings#842

Fix cli_ignore_unknown_args=True not working on subcommands by @hramezani in pydantic/pydantic-settings#844

Bump the python-packages group with 4 updates by @dependabot[bot] in pydantic/pydantic-settings#847

Fix CLI descriptions lost under python -OO by falling back to json_schema_extra by @hramezani in pydantic/pydantic-settings#843

Prepare release 2.14.0 by @hramezani in pydantic/pydantic-settings#848

New Contributors

@dependabot[bot] made their first contribution in pydantic/pydantic-settings#802

@JacobHayes made their first contribution in pydantic/pydantic-settings#776

@bradykieffer made their first contribution in pydantic/pydantic-settings#799

@CaselIT made their first contribution in pydantic/pydantic-settings#832

Full Changelog: pydantic/pydantic-settings@v2.13.1...v2.14.0

Commits

8916bee Prepare release 2.14.0 (#848)
39e551c Fix CLI descriptions lost under python -OO by falling back to `json_schema_...
9ed7f48 Bump the python-packages group with 4 updates (#847)
617c690 Fix cli_ignore_unknown_args=True not working on subcommands (#844)
577c05f Add note about Mypy plugin for BaseSettings.__init__() (#842)
2355bc5 Fix CliPositionalArg[list[CustomType]] crash for custom types (#839)
16bd6fd Introduce zizmor (#838)
df8b239 Bump boto3 from 1.42.82 to 1.42.83 in the python-packages group (#837)
c5401a2 Introduce yamlfmt (#836)
953e28e Bump the python-packages group with 3 updates (#833)
Additional commits viewable in compare view

Updates build from 1.4.3 to 1.4.4

Release notes

Sourced from build's releases.

1.4.4

What's Changed

🐛 fix(release): generate consistent CHANGELOG heading levels by @gaborbernat in pypa/build#1032

docs: move source links by @henryiii in pypa/build#1034

revert: drop PEP 660 change by @henryiii in pypa/build#1039

fix: ignore installed when running pip by @henryiii in pypa/build#1040

fix: revert part of #973 by @henryiii in pypa/build#1044

chore: report coverage failure lines by @henryiii in pypa/build#1046

tests: fix issue with uv run by @henryiii in pypa/build#1048

docs: reorganize testing docs for copy/paste by @abitrolly in pypa/build#1043

tests: keep environment from leaking in Python 3.15 by @henryiii in pypa/build#1049

docs: fix issue with changelog generation by @henryiii in pypa/build#1050

Full Changelog: pypa/build@1.4.3...1.4.4

Changelog

Sourced from build's changelog.

#################### 1.5.0 (2026-04-30) ####################

Features

Drop Python 3.9 support - by :user:henryiii (:issue:1036)

Bugfixes

Make --ignore-installed opt-in from the API via fresh=True - by :user:henryiii (:issue:1056)

Miscellaneous

:issue:1033

#################### 1.4.4 (2026-04-22) ####################

Bugfixes

Fix release pipeline generating CHANGELOG.rst entries with inconsistent heading levels, which broke sphinx -W and pinned Read the Docs stable at 1.4.0 - by :user:gaborbernat. (:issue:1031)

Revert :pr:1039 from build 1.4.3, no longer check direct_url (for now) - by :user:henryiii (:issue:1039)

Add --ignore-installed to pip install command to prevent issues with packages already present in the isolated build environment - by :user:henryiii (:issue:1037) (:issue:1040)

Partial revert of :pr:973, keeping log messages in one entry, multiple lines. (:issue:1044)

Miscellaneous

:issue:1048, :issue:1049

#################### 1.4.3 (2026-04-10) ####################

Features

... (truncated)

Commits

70666a2 chore: prepare for 1.4.4
653d865 docs: fix issue with changelog generation (#1050)
373b9ee tests: keep environment from leaking in Python 3.15 (#1049)
e37e2ae docs: reorganize testing docs for copy/paste (#1043)
e9c194a tests: fix issue with uv run (#1048)
03b7d70 chore: report coverage failure lines (#1046)
2afa3b5 fix: revert part of #973 (#1044)
b336f60 pre-commit: bump repositories (#1045)
6d8039a fix: ignore installed when running pip (#1040)
ebf6eba revert: drop PEP 660 change (#1039)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the python group with 2 updates: [pydantic-settings](https://github.com/pydantic/pydantic-settings) and [build](https://github.com/pypa/build). Updates `pydantic-settings` from 2.13.1 to 2.14.0 - [Release notes](https://github.com/pydantic/pydantic-settings/releases) - [Commits](pydantic/pydantic-settings@v2.13.1...v2.14.0) Updates `build` from 1.4.3 to 1.4.4 - [Release notes](https://github.com/pypa/build/releases) - [Changelog](https://github.com/pypa/build/blob/main/CHANGELOG.rst) - [Commits](pypa/build@1.4.3...1.4.4) --- updated-dependencies: - dependency-name: pydantic-settings dependency-version: 2.14.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: python - dependency-name: build dependency-version: 1.4.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: python ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-05-04T06:47:32Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels May 1, 2026

dependabot Bot requested a review from evandowning as a code owner May 1, 2026 07:00

dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels May 1, 2026

dependabot Bot closed this May 4, 2026

dependabot Bot deleted the dependabot/uv/python-6febc4099f branch May 4, 2026 06:47

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the python group with 2 updates#148

Bump the python group with 2 updates#148
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/uv/python-6febc4099f

dependabot Bot commented on behalf of github May 1, 2026 •

edited

Loading

Uh oh!

dependabot Bot commented on behalf of github May 4, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github May 1, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v2.14.0

What's Changed

New Contributors

1.4.4

What's Changed

Uh oh!

dependabot Bot commented on behalf of github May 4, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot Bot commented on behalf of github May 1, 2026 •

edited

Loading