Skip to content

Bump the pip group across 1 directory with 9 updates#1

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/pip/docs/tools/pip-d70484fe6e
Open

Bump the pip group across 1 directory with 9 updates#1
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/pip/docs/tools/pip-d70484fe6e

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github May 22, 2026

Bumps the pip group with 9 updates in the /docs/tools directory:

Package From To
babel 2.8.0 2.9.1
certifi 2020.4.5.2 2024.7.4
idna 2.10 3.15
nltk 3.5 3.9.4
protobuf 3.14.0 5.29.6
numpy 1.21.2 1.22.0
pymdown-extensions 8.0 10.21.3
requests 2.25.1 2.33.0
tornado 6.1 6.5.5

Updates babel from 2.8.0 to 2.9.1

Release notes

Sourced from babel's releases.

Version 2.9.1

Bugfixes

  • The internal locale-data loading functions now validate the name of the locale file to be loaded and only allow files within Babel's data directory. Thank you to Chris Lyne of Tenable, Inc. for discovering the issue!

Version 2.9.0

Upcoming version support changes

  • This version, Babel 2.9, is the last version of Babel to support Python 2.7, Python 3.4, and Python 3.5.

Improvements

  • CLDR: Use CLDR 37 – Aarni Koskela (#734)
  • Dates: Handle ZoneInfo objects in get_timezone_location, get_timezone_name - Alessio Bogon (#741)
  • Numbers: Add group_separator feature in number formatting - Abdullah Javed Nesar (#726)

Bugfixes

  • Dates: Correct default Format().timedelta format to 'long' to mute deprecation warnings – Aarni Koskela
  • Import: Simplify iteration code in "import_cldr.py" – Felix Schwarz
  • Import: Stop using deprecated ElementTree methods "getchildren()" and "getiterator()" – Felix Schwarz
  • Messages: Fix unicode printing error on Python 2 without TTY. – Niklas Hambüchen
  • Messages: Introduce invariant that _invalid_pofile() takes unicode line. – Niklas Hambüchen
  • Tests: fix tests when using Python 3.9 – Felix Schwarz
  • Tests: Remove deprecated 'sudo: false' from Travis configuration – Jon Dufresne
  • Tests: Support Py.test 6.x – Aarni Koskela
  • Utilities: LazyProxy: Handle AttributeError in specified func – Nikiforov Konstantin (#724)
  • Utilities: Replace usage of parser.suite with ast.parse – Miro Hrončok

Documentation

  • Update parse_number comments – Brad Martin (#708)
  • Add iter to Catalog documentation – @​CyanNani123

Version 2.8.1

This patch version only differs from 2.8.0 in that it backports in #752.

Changelog

Sourced from babel's changelog.

Version 2.9.1

Bugfixes


* The internal locale-data loading functions now validate the name of the locale file to be loaded and only
  allow files within Babel's data directory.  Thank you to Chris Lyne of Tenable, Inc. for discovering the issue!

Version 2.9.0


Upcoming version support changes

  • This version, Babel 2.9, is the last version of Babel to support Python 2.7, Python 3.4, and Python 3.5.

Improvements


* CLDR: Use CLDR 37 – Aarni Koskela (:gh:`734`)
* Dates: Handle ZoneInfo objects in get_timezone_location, get_timezone_name - Alessio Bogon (:gh:`741`)
* Numbers: Add group_separator feature in number formatting - Abdullah Javed Nesar (:gh:`726`)

Bugfixes



* Dates: Correct default Format().timedelta format to 'long' to mute deprecation warnings – Aarni Koskela
* Import: Simplify iteration code in "import_cldr.py" – Felix Schwarz
* Import: Stop using deprecated ElementTree methods "getchildren()" and "getiterator()" – Felix Schwarz
* Messages: Fix unicode printing error on Python 2 without TTY. – Niklas Hambüchen
* Messages: Introduce invariant that _invalid_pofile() takes unicode line. – Niklas Hambüchen
* Tests: fix tests when using Python 3.9 – Felix Schwarz
* Tests: Remove deprecated 'sudo: false' from Travis configuration – Jon Dufresne
* Tests: Support Py.test 6.x – Aarni Koskela
* Utilities: LazyProxy: Handle AttributeError in specified func – Nikiforov Konstantin (:gh:`724`)
* Utilities: Replace usage of parser.suite with ast.parse – Miro Hrončok

Documentation

</code></pre>

<ul>

<li>Update parse_number comments – Brad Martin (:gh:<code>708</code>)</li>

<li>Add <strong>iter</strong> to Catalog documentation – <a href="https://github.com/CyanNani123&quot;&gt;&lt;code&gt;@​CyanNani123&lt;/code&gt;&lt;/a&gt;&lt;/li>

</ul>

<h2>Version 2.8.1</h2>

<p>This is solely a patch release to make running tests on Py.test 6+ possible.</p>

<p>Bugfixes</p>

<!-- raw HTML omitted -->

</blockquote>

<p>... (truncated)</p>

</details>

<details>

<summary>Commits</summary>


<ul>

<li><a href="https://github.com/python-babel/babel/commit/a99fa2474c808b51ebdabea18db871e389751559&quot;&gt;&lt;code&gt;a99fa24&lt;/code&gt;&lt;/a> Use 2.9.0's setup.py for 2.9.1</li>

<li><a href="https://github.com/python-babel/babel/commit/60b33e083801109277cb068105251e76d0b7c14e&quot;&gt;&lt;code&gt;60b33e0&lt;/code&gt;&lt;/a> Become 2.9.1</li>

<li><a href="https://github.com/python-babel/babel/commit/412015ef642bfcc0d8ba8f4d05cdbb6aac98d9b3&quot;&gt;&lt;code&gt;412015e&lt;/code&gt;&lt;/a> Merge pull request <a href="https://redirect.github.com/python-babel/babel/issues/782&quot;&gt;#782&lt;/a> from python-babel/locale-basename</li>

<li><a href="https://github.com/python-babel/babel/commit/5caf717ceca4bd235552362b4fbff88983c75d8c&quot;&gt;&lt;code&gt;5caf717&lt;/code&gt;&lt;/a> Disallow special filenames on Windows</li>

<li><a href="https://github.com/python-babel/babel/commit/3a700b5b8b53606fd98ef8294a56f9510f7290f8&quot;&gt;&lt;code&gt;3a700b5&lt;/code&gt;&lt;/a> Run locale identifiers through <code>os.path.basename()</code></li>

<li><a href="https://github.com/python-babel/babel/commit/5afe2b2f11dcdd6090c00231d342c2e9cd1bdaab&quot;&gt;&lt;code&gt;5afe2b2&lt;/code&gt;&lt;/a> Merge pull request <a href="https://redirect.github.com/python-babel/babel/issues/754&quot;&gt;#754&lt;/a> from python-babel/github-ci</li>

<li><a href="https://github.com/python-babel/babel/commit/58de8342f865df88697a4a166191e880e3c84d82&quot;&gt;&lt;code&gt;58de834&lt;/code&gt;&lt;/a> Replace Travis + Appveyor with GitHub Actions (WIP)</li>

<li><a href="https://github.com/python-babel/babel/commit/d1bbc08e845d03d8e1f0dfa0e04983d755f39cb5&quot;&gt;&lt;code&gt;d1bbc08&lt;/code&gt;&lt;/a> import_cldr: use logging; add -q option</li>

<li><a href="https://github.com/python-babel/babel/commit/156b7fb9f377ccf58c71cf01dc69fb10c7b69314&quot;&gt;&lt;code&gt;156b7fb&lt;/code&gt;&lt;/a> Quiesce CLDR download progress bar if requested (or not a TTY)</li>

<li><a href="https://github.com/python-babel/babel/commit/613dc1700f91c3d40b081948c0dd6023d8ece057&quot;&gt;&lt;code&gt;613dc17&lt;/code&gt;&lt;/a> Make the import warnings about unsupported number systems less verbose</li>

<li>Additional commits viewable in <a href="https://github.com/python-babel/babel/compare/v2.8.0...v2.9.1&quot;&gt;compare view</a></li>

</ul>

</details>


<br />


Updates certifi from 2020.4.5.2 to 2024.7.4



Commits






Updates idna from 2.10 to 3.15



Release notes

Sourced from idna's releases.




v3.15


No release notes provided.


v3.14


No release notes provided.


v3.13


No release notes provided.


v3.12


No release notes provided.


v3.11


No release notes provided.


v3.10


No release notes provided.


v3.9


No release notes provided.


v3.8


What's Changed


    

  • Fix regression where IDNAError exception was not being produced for certain inputs.
    • 

  • Add support for Python 3.13, drop support for Python 3.5 as it is no longer testable.
    • 

  • Documentation improvements
    • 

  • Updates to package testing using Github actions
    • 



Thanks to Hugo van Kemenade for contributions to this release.


Full Changelog: https://github.com/kjd/idna/compare/v3.7...v3.8


v3.7


What's Changed


    

  • Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]
    • 



Thanks to Guido Vranken for reporting the issue.


Full Changelog: https://github.com/kjd/idna/compare/v3.6...v3.7







Changelog

Sourced from idna's changelog.




3.15 (2026-05-12)


    

  • Enforce DNS-length cap on individual labels early in check_label,
short-circuiting contextual-rule processing for oversized input
while staying compatible with UTS 46 usage.
    • 

  • Tidy core helpers: hoist bidi category sets to module-level
frozensets (avoiding per-codepoint list construction), simplify
length checks, and reuse the shared _unicode_dots_re from
idna.core in the codec module.
    • 

  • Use raise ... from err for proper exception chaining and
switch internal string formatting to f-strings.
    • 

  • Allow flit_core 4.x in the build backend.
    • 

  • Expand the ruff lint set (flake8-bugbear, flake8-simplify,
pyupgrade, perflint) and apply the surfaced fixes; pin lint CI
to Python 3.14.
    • 

  • Add Dependabot configuration for GitHub Actions.
    • 

  • Convert README and HISTORY from reStructuredText to Markdown.
    • 

  • Reference CVE-2026-45409 for the 3.14 advisory in place of the
initial GHSA identifier.
    • 



Thanks to Felix Yan, Stan Ulbrych, and metsw24-max for
contributions to this release.


3.14 (2026-05-10)


    

  • Removed opportunity to process long inputs into quadratic
time by rejecting oversize inputs up-front. Closes a bypass
of the CVE-2024-3651 mitigation. [CVE-2026-45409]
    • 



Thanks to Stan Ulbrych for reporting the issue.


3.13 (2026-04-22)


    

  • Correct classification error for codepoint U+A7F1
    • 



3.12 (2026-04-21)


    

  • Update to Unicode 17.0.0.
    • 

  • Issue a deprecation warning for the transitional argument.
    • 

  • Added lazy-loading to provide some performance improvements.
    • 

  • Removed vestiges of code related to Python 2 support, including
segmentation of data structures specific to Jython.
    • 



Thanks to Rodrigo Nogueira for contributions to this release.


3.11 (2025-10-12)


    

  • Update to Unicode 16.0.0, including significant changes to UTS46
processing. As a result of Unicode ending support for it, transitional
processing no longer has an effect and returns the same result.
    • 






... (truncated)





Commits

    

  • af30a09 Release 3.15
    • 

  • 30314d4 Pre-release 3.15rc0
    • 

  • 05d4b21 Merge pull request #237 from kjd/convert-docs-to-markdown
    • 

  • 2987fdb Convert README and HISTORY from reStructuredText to Markdown
    • 

  • 59fa800 Merge pull request #236 from kjd/dependabot/github_actions/actions-f3e34333ea
    • 

  • def6983 Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea
    • 

  • bbd8004 Merge pull request #234 from StanFromIreland/patch-1
    • 

  • edd07c0 Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group
    • 

  • 5557db0 Merge branch 'master' into patch-1
    • 

  • f11746c Merge pull request #235 from StanFromIreland/patch-2
    • 

  • Additional commits viewable in compare view
    • 







Updates nltk from 3.5 to 3.9.4



Changelog

Sourced from nltk's changelog.




Version 3.9.4 2026-03-24


    

  • Support Python 3.14
    • 

  • Fix bug in Levenshtein distance when substitution_cost > 2
    • 

  • Fix bug in Treebank detokeniser re quote ordering
    • 

  • Fix bug in Jaro similarity for empty strings
    • 

  • Several security enhancements
    • 

  • Fix GHSA-rf74-v2fm-23pw: unbounded recursion in JSONTaggedDecoder
    • 

  • Implement TextTiling vocabulary introduction method (Hearst 1997)
    • 

  • Fix ALINE feature matrix errors and add comprehensive tests
    • 

  • Support multiple VerbNet versions, fix longid/shortid regex for VerbNet ids
    • 

  • Let downloader fallback to md5 when sha256 is unavailable
    • 

  • Several other minor bugfixes and code cleanups
    • 



Thanks to the following contributors to 3.9.4:
Min-Yen Kan, Eric Kafe, Emily Voss, bowiechen, Hrudhai01,
jancallewaert, Mr-Neutr0n, pollak.peter89, ylwango613,


Version 3.9.3 2026-02-21


    

  • Fix CVE-2025-14009: secure ZIP extraction in nltk.downloader (#3468)
    • 

  • Block path traversal/arbitrary reads in nltk.data for protocol-less refs (#3467)
    • 

  • Block path traversal/abs paths in corpus readers and FS pointers (#3479, #3480)
    • 

  • Validate external StanfordSegmenter JARs using SHA256 (#3477)
    • 

  • Add optional sandbox enforcement for filestring() (#3485)
    • 

  • Maintenance: downloader/zipped models, CI/tooling updates
    • 



Thanks to the following contributors to 3.9.3:
Chris Clauss, Eric Kafe, HyperPS, purificant, Shivansh-Game, Christopher Smith


Version 3.9.2 2025-10-01


    

  • Update download checksums to use SHA256 in built index
    • 

  • Fix percentage escape in new-style string formatting
    • 

  • replace shortened URLs using goo.gl
    • 

  • Make Wordnet interoperable with various taggers and tagged corpora
    • 

  • Fix saving PerceptronTagger
    • 

  • Document how to reproduce old Wordnet studies
    • 

  • properly initialize Portuguese corpus reader
    • 

  • support for mixed rules conversion into Chomsky Normal Form
    • 

  • only import tkinter if a GUI is needed
    • 

  • issue #2112 with Corenlp
    • 

  • new environment variable NLTK_DOWNLOADER_FORCE_INTERACTIVE_SHELL
    • 

  • Lesk defaults to most frequent sense in case of ties
    • 



Thanks to the following contributors to 3.9.2:
Jose Cols, Peter de Blanc, GeneralPoxter, Eric Kafe, William LaCroix, Jason Liu,
Samer Masterson, Mike014, purificant, Andrew Ernest Ritz, samertm, Ikram Ul Haq,
Christopher Smith, Ryan Mannion


Version 3.9.1 2024-08-19





... (truncated)





Commits

    

  • ad9c96b Update copyright year
    • 

  • 7edcddf Updates for 3.9.4 release
    • 

  • 67a2736 Merge pull request #3180 from yzhaoinuw/bug-on-edit_distance_align
    • 

  • 2b17ac5 Fix edit_distance_align backtrace for high substitution costs
    • 

  • 4b72976 Merge pull request #3018 from JuanIMartinezB/bug/shortid-longid
    • 

  • 8a5619f Merge pull request #3222 from Syzygy2048/feature/texttiling-vocabulary-introd...
    • 

  • c6574d7 Merge pull request #3289 from ihitamandal/codeflash/optimize-windowdiff-2024-...
    • 

  • 98ff5d9 Merge pull request #3435 from Hrudhai01/fix-3260-detokenize-quotes
    • 

  • aec4fce Merge pull request #3522 from ekaf/pathsec
    • 

  • eec4ee3 Merge pull request #3526 from nltk/update-contributing
    • 

  • Additional commits viewable in compare view
    • 







Updates protobuf from 3.14.0 to 5.29.6



Release notes

Sourced from protobuf's releases.




Protocol Buffers v34.0-rc1


Announcements



Bazel



Compiler



C++






... (truncated)





Commits






Updates numpy from 1.21.2 to 1.22.0



Release notes

Sourced from numpy's releases.




v1.22.0


NumPy 1.22.0 Release Notes


NumPy 1.22.0 is a big release featuring the work of 153 contributors
spread over 609 pull requests. There have been many improvements,
highlights are:


    

  • Annotations of the main namespace are essentially complete. Upstream
is a moving target, so there will likely be further improvements,
but the major work is done. This is probably the most user visible
enhancement in this release.
    • 

  • A preliminary version of the proposed Array-API is provided. This is
a step in creating a standard collection of functions that can be
used across application such as CuPy and JAX.
    • 

  • NumPy now has a DLPack backend. DLPack provides a common interchange
format for array (tensor) data.
    • 

  • New methods for quantile, percentile, and related functions. The
new methods provide a complete set of the methods commonly found in
the literature.
    • 

  • A new configurable allocator for use by downstream projects.
    • 



These are in addition to the ongoing work to provide SIMD support for
commonly used functions, improvements to F2PY, and better documentation.


The Python versions supported in this release are 3.8-3.10, Python 3.7
has been dropped. Note that 32 bit wheels are only provided for Python
3.8 and 3.9 on Windows, all other wheels are 64 bits on account of
Ubuntu, Fedora, and other Linux distributions dropping 32 bit support.
All 64 bit wheels are also linked with 64 bit integer OpenBLAS, which should fix
the occasional problems encountered by folks using truly huge arrays.


Expired deprecations


Deprecated numeric style dtype strings have been removed


Using the strings "Bytes0", "Datetime64", "Str0", "Uint32",
and "Uint64" as a dtype will now raise a TypeError.


(gh-19539)


Expired deprecations for loads, ndfromtxt, and mafromtxt in npyio


numpy.loads was deprecated in v1.15, with the recommendation that
users use pickle.loads instead. ndfromtxt and mafromtxt were both
deprecated in v1.17 - users should use numpy.genfromtxt instead with
the appropriate value for the usemask parameter.


(gh-19615)





... (truncated)





Commits






Updates pymdown-extensions from 8.0 to 10.21.3



Release notes

Sourced from pymdown-extensions's releases.




10.21.3


    

  • FIX: Fix regression that allows a snippet to be loaded outside of the base path using directory traversal when
restrict_base_path is enabled (the default). Found by @​gistrec.
    • 



10.21. 2


10.21.2


    

  • FIX: Highlight: Latest Pygments versions cannot handle a "filename" for code block titles of None.
    • 



10.20.1


    

  • FIX: Quotes: Ensure the first class for callouts (the alert type) is always rendered lowercase.
    • 



10.21


    

  • NEW: Caption: Add support for specifying not only IDs but classes and arbitrary attributes. Initial work by
@​joapuiib.
    • 

  • FIX: MagicLink: Fix a matching pattern for Bitbucket repo.
    • 



10.20


    

  • 

    NEW: Quotes: New blockquotes extension added that uses a more modern approach when compared to Python Markdown's
default. Quotes specifically will not group consecutive blockquotes together in the same lazy fashion that the
default Python Markdown does which follows a more modern trend to how parsers these days handle block quotes.
    

    In addition, Quotes also provides an optional feature to enable specifying callouts/alerts in the style used by
GitHub and Obsidian.
    

    • 



10.19.1


    

  • FIX: Arithmatex: Fix issue where block $$ math used inline within a paragraph could result in nested math
parsing.
    • 



10.19


    

  • NEW: Emoji: Update Twemoji to use Unicode 16.
    • 

  • NEW: Critic: Roll back view mode deprecation as some still like to use it, though further enhancements to this
mode are not planned.
    • 



10.18


    

  • NEW: Critic: view mode has been deprecated. To avoid warnings or future issues, explicitly set mode to
either accept or reject. In the future, the new default will be accept and the view mode will be removed
entirely.
    • 

  • FIX: Block Admonition: important should have always been available as a default.
    • 



10.17.2


    

  • FIX: Blocks: Blocks extensions will now better handle nesting of indented style Admonitions, Details, and Tabbed
    • 






... (truncated)





Commits

    

  • 4262841 Fix spelling
    • 

  • 63b7835 Merge commit from fork
    • 

  • 3d18550 Docs: update js deps
    • 

  • a4fdd73 Skip tag 10.21.1 has we accidentally already used it
    • 

  • 8afb4cd Docs: Update JS deps
    • 

  • 7bf5b29 Pygments needs a non-None value for code block title (#2863)
    • 

  • 20b11eb Fix some spelling and formatting
    • 

  • c9edba3 Docs: strengthen Snippets warning and add security considerations
    • 

  • 6d92b68 Bump version
    • 

  • baeca0e Docs: update JS deps
    • 

  • Additional commits viewable in compare view
    • 







Updates requests from 2.25.1 to 2.33.0



Release notes

Sourced from requests's releases.




v2.33.0


2.33.0 (2026-03-25)


Announcements


    

  • 📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣
    • 



Security


    

  • CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.
    • 



Improvements


    

  • Migrated to a PEP 517 build system using setuptools. (#7012)
    • 



Bugfixes


    

  • Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)
    • 



Deprecations


    

  • Dropped support for Python 3.9 following its end of support. (#7196)
    • 



Documentation


    

  • Various typo fixes and doc improvements.
    • 



New Contributors



Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25


v2.32.5


2.32.5 (2025-08-18)


Bugfixes


    

  • The SSLContext caching feature originally introduced in 2.32.0 has created
a new class of issues in Requests that have had negative impact across a number
of use cases. The Requests team has decided to revert this feature as long term
maintenance of it is proving to be unsustainable in its current iteration.
    • 



Deprecations


    

  • Added support for Python 3.14.
    • 

  • Dropped support for Python 3.8 following its end of support.
    • 



v2.32.4


2.32.4 (2025-06-10)





... (truncated)





Changelog

Sourced from requests's changelog.




2.33.0 (2026-03-25)


Announcements


    

  • 📣 Requests is adding inline types. If you have a typed code base that
uses Requests, please take a look at #7271. Give it a try, and report
any gaps or feedback you may have in the issue. 📣
    • 



Security


    

  • CVE-2026-25645 requests.utils.extract_zipped_paths now extracts
contents to a non-deterministic location to prevent malicious file
replacement. This does not affect default usage of Requests, only
applications calling the utility function directly.
    • 



Improvements


    

  • Migrated to a PEP 517 build system using setuptools. (#7012)
    • 



Bugfixes


    

  • Fixed an issue where an empty netrc entry could cause
malformed authentication to be applied to Requests on
Python 3.11+. (#7205)
    • 



Deprecations


    

  • Dropped support for Python 3.9 following its end of support. (#7196)
    • 



Documentation


    

  • Various typo fixes and doc improvements.
    • 



2.32.5 (2025-08-18)


Bugfixes


    

  • The SSLContext caching feature originally introduced in 2.32.0 has created
a new class of issues in Requests that have had negative impact across a number
of use cases. The Requests team has decided to revert this feature as long term
maintenance of it is proving to be unsustainable in its current iteration.
    • 



Deprecations


    

  • Added support for Python 3.14.
    • 

  • Dropped support for Python 3.8 following its end of support.
    • 



2.32.4 (2025-06-10)


Security


    

  • CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted
environment will retrieve credentials for the wrong hostname/machine from a
netrc file.
    • 






... (truncated)





Commits

    

  • bc04dfd v2.33.0
    • 

  • 66d21cb Merge commit from fork
    • 

  • 8b9bc8f Move badges to top of README (#7293)
    • 

  • e331a28 Remove unused extraction call (#7292)
    • 

  • 753fd08 docs: fix FAQ grammar in httplib2 example
    • 

  • 774a0b8 docs(socks): same block as other sections
    • 

  • 9c72a41 Bump github/codeql-action from 4.33.0 to 4.34.1
    • 

  • ebf7190 Bump github/codeql-action from 4.32.0 to 4.33.0
    • 

  • 0e4ae38 docs: exclude Response.is_permanent_redirect from API docs (#7244)
    • 

  • d568f47 docs: clarify Quickstart POST example (#6960)
    • 

  • Additional commits viewable in compare view
    • 







Updates tornado from 6.1 to 6.5.5



Changelog

Sourced from tornado's changelog.




Release notes


.. toctree::
:maxdepth: 2


releases/v6.5.5
releases/v6.5.4
releases/v6.5.3
releases/v6.5.2
releases/v6.5.1
releases/v6.5.0
releases/v6.4.2
releases/v6.4.1
releases/v6.4.0
releases/v6.3.3
releases/v6.3.2
releases/v6.3.1
releases/v6.3.0
releases/v6.2.0
releases/v6.1.0
releases/v6.0.4
releases/v6.0.3
releases/v6.0.2
releases/v6.0.1
releases/v6.0.0
releases/v5.1.1
releases/v5.1.0
releases/v5.0.2
releases/v5.0.1
releases/v5.0.0
releases/v4.5.3
releases/v4.5.2
releases/v4.5.1
releases/v4.5.0
releases/v4.4.3
releases/v4.4.2
releases/v4.4.1
releases/v4.4.0
releases/v4.3.0
releases/v4.2.1
releases/v4.2.0
releases/v4.1.0
releases/v4.0.2
releases/v4.0.1
releases/v4.0.0
releases/v3.2.2
releases/v3.2.1
releases/v3.2.0
releases/v3.1.1





... (truncated)





Commits

    

  • 7d64650 Merge pull request #3586 from bdarnell/update-cibw
    • 

  • d05d59b build: Bump cibuildwheel to 3.4.0
    • 

  • c2f4673 Merge pull request #3585 from bdarnell/release-655
    • 

  • e5f1aa4 Release notes and version bump for v6.5.5
    • 

  • 78a046f httputil: Add CRLF to _FORBIDDEN_HEADER_CHARS_RE
    • 

  • 24a2d96 web: Validate characters in all cookie attributes.
    • 

  • 119a195 httputil: Add limits on multipart form data parsing
    • 

  • 63d4df4 Merge pull request #3564 from bdarnell/release-654
    • 

  • eadbf9a Release notes and version bump for 6.5.4
    • 

  • bbc2b14 Make sure that the in-operator on HTTPHeaders is case insensitive
    • 

  • Additional commits viewable in compare view
    • 







Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.





Dependabot commands and options



You can trigger Dependabot actions by commenting on this PR:


    

  • @dependabot rebase will rebase this PR
    • 

  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • 

  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
    • 

  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
    • 

  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
    • 

  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
    • 

  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
    • 

  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    
You can disable automated security fix PRs for this repo from the Security Alerts page.
    •

@dependabot
Bump the pip group across 1 directory with 9 updates
7c340c5 
Bumps the pip group with 9 updates in the /docs/tools directory:

| Package | From | To |
| --- | --- | --- |
| [babel](https://github.com/python-babel/babel) | `2.8.0` | `2.9.1` |
| [certifi](https://github.com/certifi/python-certifi) | `2020.4.5.2` | `2024.7.4` |
| [idna](https://github.com/kjd/idna) | `2.10` | `3.15` |
| [nltk](https://github.com/nltk/nltk) | `3.5` | `3.9.4` |
| [protobuf](https://github.com/protocolbuffers/protobuf) | `3.14.0` | `5.29.6` |
| [numpy](https://github.com/numpy/numpy) | `1.21.2` | `1.22.0` |
| [pymdown-extensions](https://github.com/facelessuser/pymdown-extensions) | `8.0` | `10.21.3` |
| [requests](https://github.com/psf/requests) | `2.25.1` | `2.33.0` |
| [tornado](https://github.com/tornadoweb/tornado) | `6.1` | `6.5.5` |



Updates `babel` from 2.8.0 to 2.9.1
- [Release notes](https://github.com/python-babel/babel/releases)
- [Changelog](https://github.com/python-babel/babel/blob/master/CHANGES.rst)
- [Commits](python-babel/babel@v2.8.0...v2.9.1)

Updates `certifi` from 2020.4.5.2 to 2024.7.4
- [Commits](certifi/python-certifi@2020.04.05.2...2024.07.04)

Updates `idna` from 2.10 to 3.15
- [Release notes](https://github.com/kjd/idna/releases)
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.md)
- [Commits](kjd/idna@v2.10...v3.15)

Updates `nltk` from 3.5 to 3.9.4
- [Changelog](https://github.com/nltk/nltk/blob/develop/ChangeLog)
- [Commits](nltk/nltk@3.5...3.9.4)

Updates `protobuf` from 3.14.0 to 5.29.6
- [Release notes](https://github.com/protocolbuffers/protobuf/releases)
- [Commits](https://github.com/protocolbuffers/protobuf/commits)

Updates `numpy` from 1.21.2 to 1.22.0
- [Release notes](https://github.com/numpy/numpy/releases)
- [Changelog](https://github.com/numpy/numpy/blob/main/doc/RELEASE_WALKTHROUGH.rst)
- [Commits](numpy/numpy@v1.21.2...v1.22.0)

Updates `pymdown-extensions` from 8.0 to 10.21.3
- [Release notes](https://github.com/facelessuser/pymdown-extensions/releases)
- [Commits](facelessuser/pymdown-extensions@8.0...10.21.3)

Updates `requests` from 2.25.1 to 2.33.0
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.25.1...v2.33.0)

Updates `tornado` from 6.1 to 6.5.5
- [Changelog](https://github.com/tornadoweb/tornado/blob/master/docs/releases.rst)
- [Commits](tornadoweb/tornado@v6.1.0...v6.5.5)

---
updated-dependencies:
- dependency-name: babel
  dependency-version: 2.9.1
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: certifi
  dependency-version: 2024.7.4
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: idna
  dependency-version: '3.15'
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: nltk
  dependency-version: 3.9.4
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: protobuf
  dependency-version: 5.29.6
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: numpy
  dependency-version: 1.22.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: pymdown-extensions
  dependency-version: 10.21.3
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: requests
  dependency-version: 2.33.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: tornado
  dependency-version: 6.5.5
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels May 22, 2026
@CLAassistant
Copy link
Copy Markdown

CLAassistant commented May 22, 2026

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@CLAassistant