Skip to content

Bump the patches-and-minor-upgrades group in /.github/workflows with 2 updates#192

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/pip/dot-github/workflows/patches-and-minor-upgrades-66905aae5b
Open

Bump the patches-and-minor-upgrades group in /.github/workflows with 2 updates#192
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/pip/dot-github/workflows/patches-and-minor-upgrades-66905aae5b

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 5, 2026

Bumps the patches-and-minor-upgrades group in /.github/workflows with 2 updates: pip and poetry.

Updates pip from 26.1 to 26.1.1

Changelog

Sourced from pip's changelog.

26.1.1 (2026-05-04)

Bug Fixes

  • Fix issue where uninstallation left behind empty directories. Revert the removal of the adjacent __pycache__ directory when a .py file is removed. ([#13973](https://github.com/pypa/pip/issues/13973) <https://github.com/pypa/pip/issues/13973>_)
Commits

Updates poetry from 2.3.4 to 2.4.0

Release notes

Sourced from poetry's releases.

2.4.0

Added

  • Add solver.min-release-age setting to require package releases to be a certain number of days old before they are considered during dependency resolution (#10824).
  • Add solver.min-release-age-exclude to exclude selected packages from age filtering (#10824).
  • Add solver.min-release-age-exclude-source to exclude all packages from selected package indexes from age filtering (#10824).

Changed

  • Raise an error instead of silently ignoring a package name that is not a dependency when it is passed to poetry update (#10721).
  • Automatically add a trailing slash to legacy repository URLs (used for publishing) if missing (#10785).
  • Require installer>=1.0.0 (#10869).
  • Allow findpython>=0.8 (#10874).

Fixed

  • Fix an issue where requires-plugins fails on Windows if scheme paths are on different drives (#10869).
  • Fix an issue where the order of markers in the lock file was not deterministic (#10720).
  • Fix an issue where the wrong command was suggested when poetry self commands failed due to an outdated lock file (#10715).
  • Fix an issue where poetry env activate did not work for bash on Windows (#10716).
  • Fix an issue where poetry debug resolve failed when there was a package with a marker (#10807).
  • Fix an issue where the error message about a build backend failure contained garbled --config-settings (#10804).
  • Fix an issue where a false warning about a circular dependency was printed (#10811).
  • Fix an issue where falsy config values were incorrectly treated as not set (#10808).
  • Fix an issue where poetry publish --build ignored failing builds and uploaded stale artifacts (#10802).
  • Fix an issue where poetry publish was aborted instead of retrying after package registration (#10801).
  • Fix an issue where zip files were not closed after fetching metadata via lazy-wheel (#10800).
  • Fix an issue where data fetched via lazy-wheel was corrupted when part of it had already been cached (#10806).
  • Fix an issue where further packages were installed even though installation should be aborted (#10742).
  • Fix an issue where installed packages without a METADATA file caused an exception on Python 3.15+ (#10860).
  • Fix an issue where http-basic could not be set for repository names with periods (#10845).
  • Fix an issue where calculating the hash of large wheels failed with a memory error (#10814).

Docs

  • Clarify the precedence of configuration sources (#10757).
  • Add a note about the influence of .gitignore on tool.poetry.packages (#10835).

poetry-core (2.4.0)

  • Update vendored packaging to 26.2 (#936).
Changelog

Sourced from poetry's changelog.

[2.4.0] - 2026-05-03

Added

  • Add solver.min-release-age setting to require package releases to be a certain number of days old before they are considered during dependency resolution (#10824).
  • Add solver.min-release-age-exclude to exclude selected packages from age filtering (#10824).
  • Add solver.min-release-age-exclude-source to exclude all packages from selected package indexes from age filtering (#10824).

Changed

  • Raise an error instead of silently ignoring a package name that is not a dependency when it is passed to poetry update (#10721).
  • Automatically add a trailing slash to legacy repository URLs (used for publishing) if missing (#10785).
  • Require installer>=1.0.0 (#10869).
  • Allow findpython>=0.8 (#10874).

Fixed

  • Fix an issue where requires-plugins fails on Windows if scheme paths are on different drives (#10869).
  • Fix an issue where the order of markers in the lock file was not deterministic (#10720).
  • Fix an issue where the wrong command was suggested when poetry self commands failed due to an outdated lock file (#10715).
  • Fix an issue where poetry env activate did not work for bash on Windows (#10716).
  • Fix an issue where poetry debug resolve failed when there was a package with a marker (#10807).
  • Fix an issue where the error message about a build backend failure contained garbled --config-settings (#10804).
  • Fix an issue where a false warning about a circular dependency was printed (#10811).
  • Fix an issue where falsy config values were incorrectly treated as not set (#10808).
  • Fix an issue where poetry publish --build ignored failing builds and uploaded stale artifacts (#10802).
  • Fix an issue where poetry publish was aborted instead of retrying after package registration (#10801).
  • Fix an issue where zip files were not closed after fetching metadata via lazy-wheel (#10800).
  • Fix an issue where data fetched via lazy-wheel was corrupted when part of it had already been cached (#10806).
  • Fix an issue where further packages were installed even though installation should be aborted (#10742).
  • Fix an issue where installed packages without a METADATA file caused an exception on Python 3.15+ (#10860).
  • Fix an issue where http-basic could not be set for repository names with periods (#10845).
  • Fix an issue where calculating the hash of large wheels failed with a memory error (#10814).

Docs

  • Clarify the precedence of configuration sources (#10757).
  • Add a note about the influence of .gitignore on tool.poetry.packages (#10835).

poetry-core (2.4.0)

  • Update vendored packaging to 26.2 (#936).
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the patches-and-minor-upgrades group
263adea 
Bumps the patches-and-minor-upgrades group in /.github/workflows with 2 updates: [pip](https://github.com/pypa/pip) and [poetry](https://github.com/python-poetry/poetry).


Updates `pip` from 26.1 to 26.1.1
- [Changelog](https://github.com/pypa/pip/blob/main/NEWS.rst)
- [Commits](pypa/pip@26.1...26.1.1)

Updates `poetry` from 2.3.4 to 2.4.0
- [Release notes](https://github.com/python-poetry/poetry/releases)
- [Changelog](https://github.com/python-poetry/poetry/blob/main/CHANGELOG.md)
- [Commits](python-poetry/poetry@2.3.4...2.4.0)

---
updated-dependencies:
- dependency-name: pip
  dependency-version: 26.1.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patches-and-minor-upgrades
- dependency-name: poetry
  dependency-version: 2.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: patches-and-minor-upgrades
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Upgrade or downgrade of project dependencies. minor This PR causes a minor version bump in the version number. python Pull requests that update Python code labels May 5, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Upgrade or downgrade of project dependencies. development minor This PR causes a minor version bump in the version number. python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@exonet-ci