Skip to content

Bump the minor-and-patch group across 1 directory with 4 updates#171

Merged
jangevaare merged 1 commit intomainfrom
dependabot/uv/minor-and-patch-1c3deb573f
Mar 16, 2026
Merged

Bump the minor-and-patch group across 1 directory with 4 updates#171
jangevaare merged 1 commit intomainfrom
dependabot/uv/minor-and-patch-1c3deb573f

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 16, 2026

Bumps the minor-and-patch group with 4 updates in the / directory: pypdf, ty, git-changelog and pypandoc.

Updates pypdf from 6.7.2 to 6.9.0

Release notes

Sourced from pypdf's releases.

Version 6.9.0, 2026-03-15

What's new

New Features (ENH)

Performance Improvements (PI)

Bug Fixes (BUG)

  • Avoid sharing array-based content streams between pages (#3681) by @​stefan6419846
  • Avoid accessing invalid page when inserting blank page under some conditions (#3529) by @​j-t-1

Full Changelog

Version 6.8.0, 2026-03-09

What's new

Security (SEC)

New Features (ENH)

Documentation (DOC)

Full Changelog

Version 6.7.5, 2026-03-02

What's new

Security (SEC)

Full Changelog

Version 6.7.4, 2026-02-27

What's new

Security (SEC)

Robustness (ROB)

Full Changelog

... (truncated)

Changelog

Sourced from pypdf's changelog.

Version 6.9.0, 2026-03-15

New Features (ENH)

  • Expose /Perms verification result on Encryption object (#3672)

Performance Improvements (PI)

  • Fix O(n²) performance in NameObject read/write (#3679)
  • Batch-parse all objects in ObjStm on first access (#3677)

Bug Fixes (BUG)

  • Avoid sharing array-based content streams between pages (#3681)
  • Avoid accessing invalid page when inserting blank page under some conditions (#3529)

Full Changelog

Version 6.8.0, 2026-03-09

Security (SEC)

  • Limit allowed /Length value of stream (#3675)

New Features (ENH)

  • Add /IRT (in-reply-to) support for markup annotations (#3631)

Documentation (DOC)

  • Avoid using PageObject.replace_contents on PdfReader (#3669)
  • Document how to disable jbig2dec calls

Full Changelog

Version 6.7.5, 2026-03-02

Security (SEC)

  • Improve the performance of the ASCIIHexDecode filter (#3666)

Full Changelog

Version 6.7.4, 2026-02-27

Security (SEC)

  • Allow limiting output length for RunLengthDecode filter (#3664)

Robustness (ROB)

  • Deal with invalid annotations in extract_links (#3659)

Full Changelog

Version 6.7.3, 2026-02-24

Security (SEC)

  • Use zlib decompression limit when retrieving XFA data (#3658)

... (truncated)

Commits
  • 8f1f4aa REL: 6.9.0
  • 5a9a0da BUG: Avoid sharing array-based content streams between pages (#3681)
  • a3451e8 ENH: Expose /Perms verification result on Encryption object (#3672)
  • 3a4e913 PI: Fix O(n²) performance in NameObject read/write (#3679)
  • cf2e518 PI: Batch-parse all objects in ObjStm on first access (#3677)
  • 2cfcd7e BUG: Avoid accessing invalid page when inserting blank page under some condit...
  • a869ece REL: 6.8.0
  • 3c550b3 SEC: Limit allowed /Length value of stream (#3675)
  • 5dae0e2 MAINT: Document and test XMP security (#3674)
  • b9f66ab DEV: Change to loadfile strategy for PyPy in CI (#3671)
  • Additional commits viewable in compare view

Updates ty from 0.0.18 to 0.0.23

Release notes

Sourced from ty's releases.

0.0.23

Release Notes

Released on 2026-03-13.

Bug fixes

  • Fix false-positive diagnostics for PEP-604 union annotations on attribute targets on Python 3.9 when from __future__ import annotations is active (#23915)
  • dataclass_transform: Respect kw_only overwrites in dataclasses (#23930)
  • Fix too-many-cycle panics when inferring loop variables with Literal types (#23875)

Server

Core type checking

  • Split errors for possibly missing submodules into a new possibly-missing-submodule error code (enabled by default), and make possibly-missing-attribute ignored by default (#23918)
  • Improve handling of bidirectional inference when (#23844)
  • Fix inference of conditionally defined properties (#23925)

Improvements to diagnostics

  • Clarify in diagnostics that from __future__ import annotations only stringifies type annotations (#23928)

Performance improvements

  • Avoid duplicated work during multi-inference (#23923)

Contributors

Install ty 0.0.23

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ty/releases/download/0.0.23/ty-installer.sh | sh

Install prebuilt binaries via powershell script

... (truncated)

Changelog

Sourced from ty's changelog.

0.0.23

Released on 2026-03-13.

Bug fixes

  • Fix false-positive diagnostics for PEP-604 union annotations on attribute targets on Python 3.9 when from __future__ import annotations is active (#23915)
  • dataclass_transform: Respect kw_only overwrites in dataclasses (#23930)
  • Fix too-many-cycle panics when inferring loop variables with Literal types (#23875)

Server

Core type checking

  • Split errors for possibly missing submodules into a new possibly-missing-submodule error code (enabled by default), and make possibly-missing-attribute ignored by default (#23918)
  • Improve handling of bidirectional inference when (#23844)
  • Fix inference of conditionally defined properties (#23925)

Improvements to diagnostics

  • Clarify in diagnostics that from __future__ import annotations only stringifies type annotations (#23928)

Performance improvements

  • Avoid duplicated work during multi-inference (#23923)

Contributors

0.0.22

Released on 2026-03-12.

Bug fixes

  • Fix issue where variables could be inferred as Divergent if they were assigned using tuple unpacking in loops (#23812)
  • Allow error = "all" in a root pyproject.toml file to be overridden using tool.ty.overrides in a subdirectory's pyproject.toml file (#23712)
  • Only unsoundly upcast type[] types to their constructor Callable type during assignability checks, not during redundancy/subtyping checks (#23834, #23901)
  • Fix stack overflow that could occur with certain recursive protocols (#23870)

... (truncated)

Commits

Updates git-changelog from 2.7.1 to 2.9.0

Release notes

Sourced from git-changelog's releases.

2.9.0

2.9.0 - 2026-03-13

Compare with 2.8.1

Features

2.8.1

2.8.1 - 2026-03-12

Compare with 2.8.0

Bug Fixes

  • Correctly use default version-regex and marker-line when printing release notes (86b6811 by Timothée Mazzucotelli).

2.8.0

2.8.0 - 2026-03-12

Compare with 2.7.1

Features

  • Add Debian changelog template (c990e7a by Patrik Dufresne).
  • Add special marker-line :prepend: (214cbb8 by Patrik Dufresne).

Bug Fixes

  • Keep timezone information from Git commit (5b2763a by Patrik Dufresne). Issue-117
Changelog

Sourced from git-changelog's changelog.

2.9.0 - 2026-03-13

Compare with 2.8.1

Features

2.8.1 - 2026-03-12

Compare with 2.8.0

Bug Fixes

  • Correctly use default version-regex and marker-line when printing release notes (86b6811 by Timothée Mazzucotelli).

2.8.0 - 2026-03-12

Compare with 2.7.1

Features

  • Add Debian changelog template (c990e7a by Patrik Dufresne).
  • Add special marker-line :prepend: (214cbb8 by Patrik Dufresne).

Bug Fixes

  • Keep timezone information from Git commit (5b2763a by Patrik Dufresne). Issue-117
Commits
  • 4adc6b4 chore: Prepare release 2.9.0
  • 5e1bc00 ci: Ignore ty warnings
  • 4e19299 feat: Add Linux commit message convention
  • 585acd6 chore: Prepare release 2.8.1
  • 86b6811 fix: Correctly use default version-regex and marker-line when printing releas...
  • 5e71b7d chore: Prepare release 2.8.0
  • 54a4fbe ci: Update Ruff/ty lints
  • 3ca91cf chore: Template upgrade
  • b481280 ci: Remove unused type-ignore comments
  • c990e7a feat: Add Debian changelog template
  • Additional commits viewable in compare view

Updates pypandoc from 1.16.2 to 1.17

Release notes

Sourced from pypandoc's releases.

Latest Development Version

Commits

  • 7e33806: Bump astral-sh/setup-uv from 5 to 7 (dependabot[bot]) #432
  • 4d162e9: Bump docker/setup-qemu-action from 3 to 4 (dependabot[bot]) #433
  • 5ee338d: Merge branch 'master' into dependabot/github_actions/docker/setup-qemu-action-4 (Jessica Tegner) #433
Commits
  • 51af11f Skip delocate repair for macOS binary wheels
  • a19984f Fix cibuildwheel version tag to v3.4.0
  • b30f851 Upgrade cibuildwheel from v2 to v3
  • 52ef402 Merge pull request #431 from JessicaTegner/improve_download
  • e1926a2 Move GITHUB_TOKEN to workflow-level env
  • dd1d123 Fix incomplete URL substring sanitization (CodeQL)
  • 69bddd0 [pre-commit.ci] auto fixes from pre-commit.com hooks
  • 009df66 Add tests for pandoc download retry and auth behavior
  • 16fb5e4 Fix GitHub 429 rate limit errors in pandoc download
  • 497e395 Merge pull request #427 from JessicaTegner/issue423
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the minor-and-patch group across 1 directory with 4 updates
02d3e51 
Bumps the minor-and-patch group with 4 updates in the / directory: [pypdf](https://github.com/py-pdf/pypdf), [ty](https://github.com/astral-sh/ty), [git-changelog](https://github.com/pawamoy/git-changelog) and [pypandoc](https://github.com/JessicaTegner/pypandoc).


Updates `pypdf` from 6.7.2 to 6.9.0
- [Release notes](https://github.com/py-pdf/pypdf/releases)
- [Changelog](https://github.com/py-pdf/pypdf/blob/main/CHANGELOG.md)
- [Commits](py-pdf/pypdf@6.7.2...6.9.0)

Updates `ty` from 0.0.18 to 0.0.23
- [Release notes](https://github.com/astral-sh/ty/releases)
- [Changelog](https://github.com/astral-sh/ty/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ty@0.0.18...0.0.23)

Updates `git-changelog` from 2.7.1 to 2.9.0
- [Release notes](https://github.com/pawamoy/git-changelog/releases)
- [Changelog](https://github.com/pawamoy/git-changelog/blob/main/CHANGELOG.md)
- [Commits](pawamoy/git-changelog@2.7.1...2.9.0)

Updates `pypandoc` from 1.16.2 to 1.17
- [Release notes](https://github.com/JessicaTegner/pypandoc/releases)
- [Changelog](https://github.com/JessicaTegner/pypandoc/blob/master/release.md)
- [Commits](JessicaTegner/pypandoc@v1.16.2...v1.17)

---
updated-dependencies:
- dependency-name: pypdf
  dependency-version: 6.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: ty
  dependency-version: 0.0.23
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: git-changelog
  dependency-version: 2.9.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: pypandoc
  dependency-version: '1.17'
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Mar 16, 2026
@jangevaare jangevaare merged commit 7046eea into main Mar 16, 2026
1 check passed
@dependabot dependabot bot deleted the dependabot/uv/minor-and-patch-1c3deb573f branch March 16, 2026 15:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jangevaare