From 932bdf75f89f9bdaf91315456e2649124e9d7db4 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 15 Sep 2025 11:09:21 +0000
Subject: [PATCH 1/3] Bump zstandard from 0.24.0 to 0.25.0 (#11507)
Bumps [zstandard](https://github.com/indygreg/python-zstandard) from
0.24.0 to 0.25.0.
Release notes
Sourced from zstandard's
releases.
0.25.0
- PyO3 Rust created upgraded from 0.24 to 0.25. (#273)
- We now use
Py_REFCNT(obj) instead of accessing
(*obj)->ob_refcnt directly.
This fixes a nogil / multi-threaded compile error. (#201,
#275)
- A zstandard commit to fix qsort detection on BSD operating systems
has been backported. (#272)
- The
PYTHON_ZSTANDARD_IMPORT_POLICY environment variable
now has leading
and trailing whitespace stripped. Values like cffi and
cffi are
now equivalent to cffi.
- The CI jobs for building wheels have been overhauled to always use
cibuildwheel and uv (where possible). This
change should be backwards
compatible. But wheel building for this project has historically been
fragile and there may be unwanted changes. We're optimistic that
standardizing
on uv (except for musllinux ppc64le and s390x where uv isn't available)
will lead to more stability over time.
- CI now runs tests against the wheels we distribute. Previously, we
ran
tests against a separate build that was theoretically identical. But the
builds may have been subtly different, leading to preventable bugs in
our
wheels. (Enabling this test coverage did not uncover any failures.)
- The
pyproject.toml build backend has been switched from
setuptools.build_meta:__legacy__ to
setuptools.build_meta.
- The setuptools build dependency has been upgraded from <69.0.0 to
>=77.0.0.
Modern versions of setuptools broke
--config-settings=--build-option=... as part of
implementing PEP 660.
A workaround is to use
--config-settings=--global-option=... instead.
--global-option apparently is deprecated and the setuptools
folks have yet
to figure out how to thread config settings into setup.py
invocations.
(--build-option is sent to the build_wheel
command but not the
build_editable command.)
- Python 3.14 wheels are now built with
manylinux_2_28
(versus
manylinux2014) for older Python versions. This may raise
the minimum
glibc version, effectively dropping support for Debian 8 and 9, Ubuntu
13.10 through 18.04, Fedora 19 to 28, and RHEL/Centos 7. However, in
practice most platforms don't container newer glibc symbols and are
still
ABI compatible with manylinux2014 and glibc 2.17.
- We now require cffi >= 2.0.0b on Python 3.14. <3.14 still
requires 1.17.
(#274)
- The cffi backend is now automatically disabled for free-threaded
builds
on Python <3.14, as cffi didn't implement free-threaded support until
the 2.0 release. (#274)
- Added CI coverage for free-threaded CPython 3.13 and 3.14. We do not
yet
formally support free-threaded builds. (#276)
- The C and Rust backends now declare the GIL as unused.
- The
pythoncapi_compat.h file has been upgraded to the
latest version. (#278)
setup.py now depends on packaging and uses
packaging.version.Version
for version comparisons. This removes some deprecation warnings from
usage of
legacy distutils Version classes.- Relax run-time libzstd version checking in C extension from exactly
1.5.7
to >=1.5.6. (#254,
#267)
- C extension types now (correctly) declare their fully qualified type
names
... (truncated)
Changelog
Sourced from zstandard's
changelog.
0.25.0 (released 2025-09-14)
- PyO3 Rust created upgraded from 0.24 to 0.25. (#273)
- We now use
Py_REFCNT(obj) instead of accessing
(*obj)->ob_refcnt directly.
This fixes a nogil / multi-threaded compile error. (#201,
#275)
- A zstandard commit to fix qsort detection on BSD operating systems
has been backported. (#272)
- The
PYTHON_ZSTANDARD_IMPORT_POLICY environment variable
now has leading
and trailing whitespace stripped. Values like cffi and
cffi are
now equivalent to cffi.
- The CI jobs for building wheels have been overhauled to always use
cibuildwheel and uv (where possible). This
change should be backwards
compatible. But wheel building for this project has historically been
fragile and there may be unwanted changes. We're optimistic that
standardizing
on uv (except for musllinux ppc64le and s390x where uv isn't available)
will lead to more stability over time.
- CI now runs tests against the wheels we distribute. Previously, we
ran
tests against a separate build that was theoretically identical. But the
builds may have been subtly different, leading to preventable bugs in
our
wheels. (Enabling this test coverage did not uncover any failures.)
- The
pyproject.toml build backend has been switched from
setuptools.build_meta:__legacy__ to
setuptools.build_meta.
- The setuptools build dependency has been upgraded from <69.0.0 to
>=77.0.0.
Modern versions of setuptools broke
--config-settings=--build-option=... as part of
implementing PEP 660.
A workaround is to use --config-settings=--global-option=...``
instead. --global-optionapparently is deprecated and the
setuptools folks have yet to figure out how to thread config settings
intosetup.py invocations. (`--build-option is sent
to the build_wheel command but not the
build_editable command.)
- Python 3.14 wheels are now built with
manylinux_2_28
(versus
manylinux2014) for older Python versions. This may raise
the minimum
glibc version, effectively dropping support for Debian 8 and 9, Ubuntu
13.10 through 18.04, Fedora 19 to 28, and RHEL/Centos 7. However, in
practice most platforms don't container newer glibc symbols and are
still
ABI compatible with manylinux2014 and glibc 2.17.
- We now require cffi >= 2.0.0b on Python 3.14. <3.14 still
requires 1.17.
(#274)
- The cffi backend is now automatically disabled for free-threaded
builds
on Python <3.14, as cffi didn't implement free-threaded support until
the 2.0 release. (#274)
- Added CI coverage for free-threaded CPython 3.13 and 3.14. We do not
yet
formally support free-threaded builds. (#276)
- The C and Rust backends now declare the GIL as unused.
- The
pythoncapi_compat.h file has been upgraded to the
latest version. (#278)
setup.py now depends on packaging and uses
packaging.version.Version
for version comparisons. This removes some deprecation warnings from
usage of
legacy distutils Version classes.- Relax run-time libzstd version checking in C extension from exactly
1.5.7
... (truncated)
Commits
7a77a75
global: release 0.25.07935539
rust: cargo upgradebc3074c
rust: update dependencies51a277a
c-ext: correctly define fully qualified type names to
zstandard.*9ccbc39
docs: fix ReST in news.rst58c68a1
zstd: synchronize qsort code with upstream395f693
docs: document existence of compression.zstd in stdlib6967817
docs: update comparisons to other implementationse4e829a
docs: document new libzstd version constraint behaviors604a65a
Relax libzstd version checking- Additional commits viewable in compare
view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
requirements/base.txt | 2 +-
requirements/constraints.txt | 2 +-
requirements/dev.txt | 2 +-
requirements/lint.txt | 2 +-
requirements/runtime-deps.txt | 2 +-
requirements/test.txt | 2 +-
6 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/requirements/base.txt b/requirements/base.txt
index 3454e3173d5..0c1a776b122 100644
--- a/requirements/base.txt
+++ b/requirements/base.txt
@@ -46,5 +46,5 @@ uvloop==0.21.0 ; platform_system != "Windows" and implementation_name == "cpytho
# via -r requirements/base.in
yarl==1.20.1
# via -r requirements/runtime-deps.in
-zstandard==0.24.0 ; platform_python_implementation == "CPython" and python_version < "3.14"
+zstandard==0.25.0 ; platform_python_implementation == "CPython" and python_version < "3.14"
# via -r requirements/runtime-deps.in
diff --git a/requirements/constraints.txt b/requirements/constraints.txt
index 0c549bc0fde..5a0ac373fe8 100644
--- a/requirements/constraints.txt
+++ b/requirements/constraints.txt
@@ -298,7 +298,7 @@ zlib-ng==1.0.0
# via
# -r requirements/lint.in
# -r requirements/test.in
-zstandard==0.24.0 ; implementation_name == "cpython"
+zstandard==0.25.0 ; implementation_name == "cpython"
# via
# -r requirements/lint.in
# -r requirements/runtime-deps.in
diff --git a/requirements/dev.txt b/requirements/dev.txt
index cee211a9979..00443d8ccca 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -289,7 +289,7 @@ zlib-ng==1.0.0
# via
# -r requirements/lint.in
# -r requirements/test.in
-zstandard==0.24.0 ; platform_python_implementation == "CPython" and python_version < "3.14"
+zstandard==0.25.0 ; platform_python_implementation == "CPython" and python_version < "3.14"
# via
# -r requirements/lint.in
# -r requirements/runtime-deps.in
diff --git a/requirements/lint.txt b/requirements/lint.txt
index eae71860cb1..3610e44f68b 100644
--- a/requirements/lint.txt
+++ b/requirements/lint.txt
@@ -122,5 +122,5 @@ virtualenv==20.34.0
# via pre-commit
zlib-ng==1.0.0
# via -r requirements/lint.in
-zstandard==0.24.0 ; implementation_name == "cpython"
+zstandard==0.25.0 ; implementation_name == "cpython"
# via -r requirements/lint.in
diff --git a/requirements/runtime-deps.txt b/requirements/runtime-deps.txt
index a041e173b62..1248bbfb38d 100644
--- a/requirements/runtime-deps.txt
+++ b/requirements/runtime-deps.txt
@@ -40,5 +40,5 @@ typing-extensions==4.15.0
# multidict
yarl==1.20.1
# via -r requirements/runtime-deps.in
-zstandard==0.24.0 ; platform_python_implementation == "CPython" and python_version < "3.14"
+zstandard==0.25.0 ; platform_python_implementation == "CPython" and python_version < "3.14"
# via -r requirements/runtime-deps.in
diff --git a/requirements/test.txt b/requirements/test.txt
index 6545886fc32..61733d6dc93 100644
--- a/requirements/test.txt
+++ b/requirements/test.txt
@@ -147,5 +147,5 @@ yarl==1.20.1
# via -r requirements/runtime-deps.in
zlib-ng==1.0.0
# via -r requirements/test.in
-zstandard==0.24.0 ; platform_python_implementation == "CPython" and python_version < "3.14"
+zstandard==0.25.0 ; platform_python_implementation == "CPython" and python_version < "3.14"
# via -r requirements/runtime-deps.in
From 73567ebf1a9b8e1dc65d266e99a01d2bf7d64782 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 15 Sep 2025 12:39:55 +0000
Subject: [PATCH 2/3] Bump pydantic from 2.11.7 to 2.11.9 (#11511)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Bumps [pydantic](https://github.com/pydantic/pydantic) from 2.11.7 to
2.11.9.
Release notes
Sourced from pydantic's
releases.
v2.11.9 2025-09-13
What's Changed
Fixes
Full Changelog: https://github.com/pydantic/pydantic/compare/v2.11.8...v2.11.9
v2.11.8 2025-09-13
v2.11.8 (2025-09-13)
What's Changed
Fixes
Full Changelog: https://github.com/pydantic/pydantic/compare/v2.11.7...v2.11.8
Changelog
Sourced from pydantic's
changelog.
v2.11.9 (2025-09-13)
GitHub
release
What's Changed
Fixes
v2.11.8 (2025-09-13)
GitHub
release
What's Changed
Fixes
Commits
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
requirements/constraints.txt | 4 ++--
requirements/dev.txt | 4 ++--
requirements/lint.txt | 2 +-
requirements/test.txt | 4 ++--
4 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/requirements/constraints.txt b/requirements/constraints.txt
index 5a0ac373fe8..d7f5d820faf 100644
--- a/requirements/constraints.txt
+++ b/requirements/constraints.txt
@@ -157,9 +157,9 @@ pycares==4.11.0
# via aiodns
pycparser==2.22
# via cffi
-pydantic==2.12.0a1
+pydantic==2.11.9
# via python-on-whales
-pydantic-core==2.37.2
+pydantic-core==2.33.2
# via pydantic
pyenchant==3.3.0
# via sphinxcontrib-spelling
diff --git a/requirements/dev.txt b/requirements/dev.txt
index 00443d8ccca..12ffe34b22c 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -154,9 +154,9 @@ pycares==4.11.0
# via aiodns
pycparser==2.22
# via cffi
-pydantic==2.12.0a1
+pydantic==2.11.9
# via python-on-whales
-pydantic-core==2.37.2
+pydantic-core==2.33.2
# via pydantic
pygments==2.19.2
# via
diff --git a/requirements/lint.txt b/requirements/lint.txt
index 3610e44f68b..8627d1c3114 100644
--- a/requirements/lint.txt
+++ b/requirements/lint.txt
@@ -67,7 +67,7 @@ pycares==4.11.0
# via aiodns
pycparser==2.22
# via cffi
-pydantic==2.11.7
+pydantic==2.11.9
# via python-on-whales
pydantic-core==2.33.2
# via pydantic
diff --git a/requirements/test.txt b/requirements/test.txt
index 61733d6dc93..a7f0c48ec48 100644
--- a/requirements/test.txt
+++ b/requirements/test.txt
@@ -87,9 +87,9 @@ pycares==4.11.0
# via aiodns
pycparser==2.22
# via cffi
-pydantic==2.12.0a1
+pydantic==2.11.9
# via python-on-whales
-pydantic-core==2.37.2
+pydantic-core==2.33.2
# via pydantic
pygments==2.19.2
# via
From 40a9dd879e2acd7707eaf5ae62d485b6a79bd08d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 15 Sep 2025 12:57:37 +0000
Subject: [PATCH 3/3] Bump pycparser from 2.22 to 2.23 (#11492)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Bumps [pycparser](https://github.com/eliben/pycparser) from 2.22 to
2.23.
Release notes
Sourced from pycparser's
releases.
release_v2.23
What's Changed
New Contributors
Full Changelog: https://github.com/eliben/pycparser/compare/release_v2.22...release_v2.23
Commits
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
requirements/base.txt | 2 +-
requirements/constraints.txt | 2 +-
requirements/dev.txt | 2 +-
requirements/lint.txt | 2 +-
requirements/runtime-deps.txt | 2 +-
requirements/test.txt | 2 +-
6 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/requirements/base.txt b/requirements/base.txt
index 0c1a776b122..8414db41eab 100644
--- a/requirements/base.txt
+++ b/requirements/base.txt
@@ -36,7 +36,7 @@ propcache==0.3.2
# yarl
pycares==4.11.0
# via aiodns
-pycparser==2.22
+pycparser==2.23
# via cffi
typing-extensions==4.15.0
# via
diff --git a/requirements/constraints.txt b/requirements/constraints.txt
index d7f5d820faf..f600426424b 100644
--- a/requirements/constraints.txt
+++ b/requirements/constraints.txt
@@ -155,7 +155,7 @@ proxy-py==2.4.10
# -r requirements/test.in
pycares==4.11.0
# via aiodns
-pycparser==2.22
+pycparser==2.23
# via cffi
pydantic==2.11.9
# via python-on-whales
diff --git a/requirements/dev.txt b/requirements/dev.txt
index 12ffe34b22c..060d2ca4d60 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -152,7 +152,7 @@ proxy-py==2.4.10
# -r requirements/test.in
pycares==4.11.0
# via aiodns
-pycparser==2.22
+pycparser==2.23
# via cffi
pydantic==2.11.9
# via python-on-whales
diff --git a/requirements/lint.txt b/requirements/lint.txt
index 8627d1c3114..0b8fc4b2ec0 100644
--- a/requirements/lint.txt
+++ b/requirements/lint.txt
@@ -65,7 +65,7 @@ proxy-py==2.4.10
# via -r requirements/lint.in
pycares==4.11.0
# via aiodns
-pycparser==2.22
+pycparser==2.23
# via cffi
pydantic==2.11.9
# via python-on-whales
diff --git a/requirements/runtime-deps.txt b/requirements/runtime-deps.txt
index 1248bbfb38d..78b83942ae0 100644
--- a/requirements/runtime-deps.txt
+++ b/requirements/runtime-deps.txt
@@ -32,7 +32,7 @@ propcache==0.3.2
# yarl
pycares==4.11.0
# via aiodns
-pycparser==2.22
+pycparser==2.23
# via cffi
typing-extensions==4.15.0
# via
diff --git a/requirements/test.txt b/requirements/test.txt
index a7f0c48ec48..e35299832e2 100644
--- a/requirements/test.txt
+++ b/requirements/test.txt
@@ -85,7 +85,7 @@ proxy-py==2.4.10
# via -r requirements/test.in
pycares==4.11.0
# via aiodns
-pycparser==2.22
+pycparser==2.23
# via cffi
pydantic==2.11.9
# via python-on-whales