chore(deps): bump the python-packages group with 4 updates

[dependabot]

Bumps the python-packages group with 4 updates: requests, tqdm, black and isort.

Updates requests from 2.31.0 to 2.32.5

Release notes

Sourced from requests's releases.

v2.32.5

2.32.5 (2025-08-18)

Bugfixes

• The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

• Added support for Python 3.14.
• Dropped support for Python 3.8 following its end of support.

v2.32.4

2.32.4 (2025-06-10)

Security

• CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file. (#6965)

Improvements

• Numerous documentation improvements

Deprecations

• Added support for pypy 3.11 for Linux and macOS. (#6926)
• Dropped support for pypy 3.9 following its end of support. (#6926)

v2.32.3

2.32.3 (2024-05-29)

Bugfixes

• Fixed bug breaking the ability to specify custom SSLContexts in sub-classes of HTTPAdapter. (#6716)
• Fixed issue where Requests started failing to run on Python versions compiled without the ssl module. (#6724)

v2.32.2

2.32.2 (2024-05-21)

Deprecations

• To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API.

... (truncated)

Changelog

Sourced from requests's changelog.

2.32.5 (2025-08-18)

Bugfixes

• The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

• Added support for Python 3.14.
• Dropped support for Python 3.8 following its end of support.

2.32.4 (2025-06-10)

Security

• CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file.

Improvements

• Numerous documentation improvements

Deprecations

• Added support for pypy 3.11 for Linux and macOS.
• Dropped support for pypy 3.9 following its end of support.

2.32.3 (2024-05-29)

Bugfixes

• Fixed bug breaking the ability to specify custom SSLContexts in sub-classes of HTTPAdapter. (#6716)
• Fixed issue where Requests started failing to run on Python versions compiled without the ssl module. (#6724)

2.32.2 (2024-05-21)

Deprecations

• To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

  A minimal (2-line) example has been provided in the linked PR to ease

... (truncated)

Commits

• b25c87d v2.32.5
• 131e506 Merge pull request #7010 from psf/dependabot/github_actions/actions/checkout-...
• b336cb2 Bump actions/checkout from 4.2.0 to 5.0.0
• 46e939b Update publish workflow to use artifact-id instead of name
• 4b9c546 Merge pull request #6999 from psf/dependabot/github_actions/step-security/har...
• 7618dbe Bump step-security/harden-runner from 2.12.0 to 2.13.0
• 2edca11 Add support for Python 3.14 and drop support for Python 3.8 (#6993)
• fec96cd Update Makefile rules (#6996)
• d58d8aa docs: clarify timeout parameter uses seconds in Session.request (#6994)
• 91a3eab Bump github/codeql-action from 3.28.5 to 3.29.0
• Additional commits viewable in compare view

Updates tqdm from 4.66.1 to 4.67.1

Release notes

Sourced from tqdm's releases.

tqdm v4.67.1 stable

• fix gui (matplotlib syntax) (#1629)
• misc test & framework updates
  • bump pytest-asyncio (#1630)
  • fix codecov rate limit
  • fix pybuild
  • sync dependencies

tqdm v4.67.0 stable

• contrib.discord: replace disco-py with requests (#1536)

tqdm v4.66.6 stable

• cli: zip-safe --manpath, --comppath (#1627)
• misc framework updates (#1627)
  • fix pytest DeprecationWarning
  • fix snapcraft build
  • fix nbval DeprecationWarning
  • update & tidy workflows
  • bump pre-commit
  • docs: update URLs

tqdm v4.66.5 stable

• support ncols auto-detection on FreeBSD (#1602 <- casperdcl/git-fame#98)
• fix Python 3.13 CLI (#1594 <- #1585)
• fix Python 3.13 tests (#1595 <- python/cpython#117536)
• misc framework updates (#1602)
  • add official Python 3.12 support
  • bump deps (NiklasRosenstein/pydoc-markdown#329, tikitu/jsmin#44)

tqdm v4.66.4 stable

• rich: fix completion (#1395 <- #1306)
• minor framework updates & code tidy (#1578)

tqdm v4.66.3 stable

• cli: eval safety (fixes CVE-2024-34062, GHSA-g7vv-2v7x-gj9p)

tqdm v4.66.2 stable

• pandas: add DataFrame.progress_map (#1549)
• notebook: fix HTML padding (#1506)
• keras: fix resuming training when verbose>=2 (#1508)
• fix format_num negative fractions missing leading zero (#1548)
• fix Python 3.12 DeprecationWarning on import (#1519)
• linting: use f-strings (#1549)
• update tests (#1549)
  • fix pandas warnings
  • fix asv (airspeed-velocity/asv#1323)
  • fix macos notebook docstring indentation
• CI: bump actions (#1549)

Commits

• 0ed5d7f bump version, merge pull request #1629 from tqdm/fix-gui
• a2d5f1c tests: fix codecov rate limit
• cac7150 tests: bump pytest-asyncio
• 6338f62 deps: fix pybuild
• 342b15e tests: sync deps
• c66458d gui: fix matplotlib
• 35a6ee9 bump version, merge pull request #1536 from guigoruiz1
• 8aa9470 add discord requests dep
• 1db24b4 better user-agent
• 61365d8 handle rate limit
• Additional commits viewable in compare view

Updates black from 24.10.0 to 25.12.0

Release notes

Sourced from black's releases.

25.12.0

Please test out the draft 2026 style in version 26.1a1! This style will be finalized in the January release (26.1.0). Most of the changes in --preview will be in the 2026 stable style, but not all. Please share your feedback!

This release (25.12.0) will still produce the 2025 style.

Highlights

• Black no longer supports running with Python 3.9 (#4842)

Stable style

• Fix bug where comments preceding # fmt: off/# fmt: on blocks were incorrectly removed, particularly affecting Jupytext's # %% [markdown] comments (#4845)
• Fix crash when multiple # fmt: skip comments are used in a multi-part if-clause, on string literals, or on dictionary entries with long lines (#4872)
• Fix possible crash when fmt: directives aren't on the top level (#4856)

Preview style

• Fix fmt: skip skipping the line after instead of the line it's on (#4855)
• Remove unnecessary parentheses from the left-hand side of assignments while preserving magic trailing commas and intentional multiline formatting (#4865)
• Fix fix_fmt_skip_in_one_liners crashing on with statements (#4853)
• Fix fix_fmt_skip_in_one_liners crashing on annotated parameters (#4854)
• Fix new lines being added after imports with # fmt: skip on them (#4894)

Packaging

• Releases now include arm64 Windows binaries and wheels (#4814)

Integrations

• Add output-file input to GitHub Action psf/black to write formatter output to a file for artifact capture and log cleanliness (#4824)

25.11.0

Highlights

• Enable base 3.14 support (#4804)
• Add support for the new Python 3.14 t-string syntax introduced by PEP 750 (#4805)

Stable style

• Fix bug where comments between # fmt: off and # fmt: on were reformatted (#4811)
• Comments containing fmt directives now preserve their exact formatting instead of being normalized (#4811)

... (truncated)

Changelog

Sourced from black's changelog.

25.12.0

Highlights

• Black no longer supports running with Python 3.9 (#4842)

Stable style

• Fix bug where comments preceding # fmt: off/# fmt: on blocks were incorrectly removed, particularly affecting Jupytext's # %% [markdown] comments (#4845)
• Fix crash when multiple # fmt: skip comments are used in a multi-part if-clause, on string literals, or on dictionary entries with long lines (#4872)
• Fix possible crash when fmt: directives aren't on the top level (#4856)

Preview style

• Fix fmt: skip skipping the line after instead of the line it's on (#4855)
• Remove unnecessary parentheses from the left-hand side of assignments while preserving magic trailing commas and intentional multiline formatting (#4865)
• Fix fix_fmt_skip_in_one_liners crashing on with statements (#4853)
• Fix fix_fmt_skip_in_one_liners crashing on annotated parameters (#4854)
• Fix new lines being added after imports with # fmt: skip on them (#4894)

Packaging

• Releases now include arm64 Windows binaries and wheels (#4814)

Integrations

• Add output-file input to GitHub Action psf/black to write formatter output to a file for artifact capture and log cleanliness (#4824)

25.11.0

Highlights

• Enable base 3.14 support (#4804)
• Add support for the new Python 3.14 t-string syntax introduced by PEP 750 (#4805)

Stable style

• Fix bug where comments between # fmt: off and # fmt: on were reformatted (#4811)
• Comments containing fmt directives now preserve their exact formatting instead of being normalized (#4811)

Preview style

• Move multiline_string_handling from --unstable to --preview (#4760)
• Fix bug where module docstrings would be treated as normal strings if preceded by comments (#4764)

... (truncated)

Commits

• 782e560 Pin actions/[email protected] (#4895)
• f0f4094 Fix new lines being added after imports with # fmt: skip on them (#4894)
• 70fc194 Revert "Fix # fmt: skip ignored in deeply nested expressions" (#4893)
• 7044b14 Prepare 25.12.0 release (#4891)
• 5b470f0 Fix # fmt: skip ignored in deeply nested expressions (#4883)
• 1b342ef Fix crash when multiple # fmt: skip comments are used in multi-part if-clau...
• 7b265f1 Pin Hatch to hopefully fix Docker builds (#4878)
• c9523f4 Attempt to fix Docker build failures (#4876)
• 0f376e0 Fix crashes when fmt directives are indented (#4856)
• a8bfcc1 Fix fmt: skip skipping the line after instead of the line it's on (#4855)
• Additional commits viewable in compare view

Updates isort from 5.13.2 to 7.0.0

Release notes

Sourced from isort's releases.

7.0.0

Changes

💥 Breaking Changes

• Drop support for Python 3.9 (#2430) @​DanielNoord

🚀 Features

• Show absolute paths in skipped file messages (#2416) @​pranlawate

🪲 Fixes

• Some fixes for Python 3.14 (#2433) @​DanielNoord
• Test on 3.14 and fix any bugs (#2425) @​DanielNoord
• Update CHANGELOG.md + Fix Formatting and Grammar (#2419) @​lukbrew25
• Fix output of hanging indent for long lines with noqa (#2407) @​matan1008

👷 Continuous Integration

• Format with ruff instead of black (#2432) @​DanielNoord
• Target 3.10 for ruff (#2431) @​DanielNoord
• Update development dependencies to latest version (#2426) @​DanielNoord
• docs: update pre-commit examples to version 6.1.0 (#2413) @​pranlawate
• Small cleanup for developer environment (#2418) @​DanielNoord

📦 Dependencies

• Bump actions/setup-python from 5 to 6 in the github-actions group (#2411) @dependabot[bot]

6.1.0

Changes

• Update docs discussions channel (#2410) @​staticdev
• Add python 3.14 classifier and badge (#2409) @​staticdev
• Drop use of non-standard pkg_resources API (#2405) @​dvarrazzo
• Use working isort version in pre-commit example (#2402) @​iainelder
• fix typo in _get_files_from_dir_cached test (#2392) @​tiltingpenguin
• Resolve bandit warnings (#2379) @​kurtmckee
• Add tox for cross-platform, parallel test suite execution (#2378) @​kurtmckee
• Add Project URLs to PyPI Side Panel (#2387) @​guillermodotn
• Fix typos (#2376) @​co63oc

👷 Continuous Integration

• Add make bash scripts portable (#2377) @​staticdev

📦 Dependencies

• Bump actions/checkout from 4 to 5 in the github-actions group (#2406) @dependabot[bot]

... (truncated)

Changelog

Sourced from isort's changelog.

Changelog

NOTE: isort follows the semver versioning standard. Find out more about isort's release policy here.

Unreleased

• Removed --old-finders and --magic-placement flags and old_finders configuration option. The legacy finder logic that relied on environment introspection has been removed (#2445) @​joao-faria-dev

6.1.0 October 1 2025

• Add python 3.14 classifier and badge (#2409) @​staticdev
• Drop use of non-standard pkg_resources API (#2405) @​dvarrazzo

6.0.1 Febuary 26 2025

• Add OSError handling in find_imports_in_file (#2331) @​kobarity

6.0.0 January 27 2025

• Remove support for Python 3.8 (#2327) @​DanielNoord
• Python 3.13 support (#2306) @​mayty
• Speed up exists_case_sensitive calls (#2264) @​correctmost
• Ensure that split_on_trailing_comma works with as imports (#2340) @​DanielNoord
• Black profile: enable magic comma (#2236) @​MrMino
• Update line_length and single_line_exclusions in google profile (#2149) @​jagapiou
• Allow --diff to be used with --jobs (#2302) @​mnakama
• Fix wemake profile to have correct character limit (#2241) @​sobolevn
• Fix sort_reexports code mangling (#2283) @​Helveg
• Fix correct group by package tokenization (#2136) @​glasnt

Commits

• 0a09c78 Merge pull request #2433 from DanielNoord/python-314
• 0fee794 Add 3.14 to stdlibds
• 332a1ad Bump zstandard for 3.14 compat
• f756e56 Merge pull request #2432 from DanielNoord/ruff-it-up
• 52f5134 Format with ruff instead of black
• 012aa69 Merge pull request #2431 from DanielNoord/ruff-it-up
• 89773db Target 3.10 with ruff
• 933e382 Merge pull request #2430 from DanielNoord/drop-39
• 8b6e00c Remove support for Python 3.9
• b5f9f29 Bump profile plugin to 3.10+ and re-lock
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: dependencies, python. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.