Bump the everything-else group across 1 directory with 44 updates

[dependabot]

Bumps the everything-else group with 44 updates in the /python directory:

Package	From	To
build	1.2.2.post1	1.4.0
twine	6.1.0	6.2.0
pylint	3.3.7	4.0.4
tox	4.27.0	4.34.1
tox-gh-actions	3.3.0	3.5.0
astroid	3.3.11	4.0.3
babel	2.17.0	2.18.0
beautifulsoup4	4.13.4	4.14.3
cachetools	6.1.0	7.0.0
certifi	2025.7.14	2026.1.4
cffi	1.17.1	2.0.0
charset-normalizer	3.4.2	3.4.4
cryptography	45.0.5	46.0.4
dill	0.4.0	0.4.1
distlib	0.3.9	0.4.0
docutils	0.21.2	0.22.4
exceptiongroup	1.3.0	1.3.1
filelock	3.18.0	3.20.3
idna	3.10	3.11
importlib-metadata	8.7.0	8.7.1
iniconfig	2.1.0	2.3.0
isort	6.0.1	7.0.0
jaraco-context	6.0.1	6.1.0
jaraco-functools	4.2.1	4.4.0
keyring	25.6.0	25.7.0
markdown-it-py	3.0.0	4.0.0
markupsafe	3.0.2	3.0.3
mdit-py-plugins	0.4.2	0.5.0
more-itertools	10.7.0	10.8.0
nh3	0.2.21	0.3.2
packaging	25.0	26.0
platformdirs	4.3.8	4.5.1
pycparser	2.22	3.0
pyproject-api	1.9.1	1.10.0
pyyaml	6.0.2	6.0.3
requests	2.32.4	2.32.5
rich	14.0.0	14.3.2
secretstorage	3.3.3	3.5.0
soupsieve	2.7	2.8.3
tomli	2.2.1	2.4.0
tomlkit	0.13.3	0.14.0
typing-extensions	4.14.1	4.15.0
urllib3	2.5.0	2.6.3
virtualenv	20.31.2	20.36.1

Updates build from 1.2.2.post1 to 1.4.0

Release notes

Sourced from build's releases.

1.4.0

• Add --quiet flag (PR #947)
• Add option to dump PEP 517 metadata with --metadata (PR #940, PR #943)
• Support UV environment variable (PR #971)
• Remove a workaround for 3.14b1 (PR #960)
• In 3.14 final release, color defaults to True already (PR #962)
• Pass sp-repo-review (PR #942)
• In pytest configuration, log_level is better than log_cli_level (PR #950)
• Split up typing and mypy (PR #944)
• Use types-colorama (PR #945)
• In docs, first argument for _has_dependency is a name (PR #970)
• Fix test failure when flit-core is installed (PR #921)

1.3.0

• Add --config-json (PR #916, fixes issue #900)
• Drop Python 3.8 (PR #891)
• Test on Python 3.14, colorful help on 3.14+ (PR #895)
• Fix ModuleNotFoundError when pip is not installed (PR #898)
• Disable use of pip install --python for debundled pip (PR #861)
• Don't pass no-wheel to virtualenv if it would warn (PR #892)
• Optimize our tests to run faster (PR #871, #872, #738)
• Allow running our tests without virtualenv (PR #911)
• Fix issues in our tests (PR #824, #918, #870, #915, #862, #863, #899, #896, #854)
• Use SPDX identifiers for our license metadata (PR #914)
• Use dependency-groups for our development (PR #880)
• Mention conda and update uv mention in README/docs (PR #842, #816, #917)

Changelog

Sourced from build's changelog.

1.4.0 (2026-01-08)

• Add --quiet flag (:pr:947)
• Add option to dump PEP 517 metadata with --metadata (:pr:940, :pr:943)
• Support UV environment variable (:pr:971)
• Remove a workaround for 3.14b1 (:pr:960)
• In 3.14 final release, color defaults to True already (:pr:962)
• Pass sp-repo-review (:pr:942)
• In pytest configuration, log_level is better than log_cli_level (:pr:950)
• Split up typing and mypy (:pr:944)
• Use types-colorama (:pr:945)
• In docs, first argument for _has_dependency is a name (PR :pr:970)
• Fix test failure when flit-core is installed (PR :pr:921)

1.3.0 (2025-08-01)

• Add --config-json (PR :pr:916, fixes issue :issue:900)
• Drop Python 3.8 (PR :pr:891)
• Test on Python 3.14, colorful help on 3.14+ (PR :pr:895)
• Fix ModuleNotFoundError when pip is not installed (PR :pr:898)
• Disable use of pip install --python for debundled pip (PR :pr:861)
• Don't pass no-wheel to virtualenv if it would warn (PR :pr:892)
• Optimize our tests to run faster (PR :pr:871, :pr:872, :pr:738)
• Allow running our tests without virtualenv (PR :pr:911)
• Fix issues in our tests (PR :pr:824, :pr:918, :pr:870, :pr:915, :pr:862, :pr:863, :pr:899, :pr:896, :pr:854)
• Use SPDX identifiers for our license metadata (PR :pr:914)

... (truncated)

Commits

• 54f238d chore: prepare for 1.4.0 (#972)
• f219276 docs: first argument for _has_dependency is a name (#970)
• 7adb29e fix: support UV environment variable (#971)
• a40623b build(deps): bump actions/attest-build-provenance in the actions group (#968)
• c8fae34 pre-commit: bump repositories (#965)
• ed9c379 build(deps): bump actions/download-artifact in the actions group
• 0e44fd2 Add quiet flag (#947)
• 60e15ed chore: color defaults to True in 3.14 (#962)
• 0486d9d pre-commit: bump repositories (#961)
• 393b775 MNT: remove workaround for 3.14b1 (#960)
• Additional commits viewable in compare view

Updates twine from 6.1.0 to 6.2.0

Changelog

Sourced from twine's changelog.

twine 6.2.0 (2025-09-04)

Features ^^^^^^^^

• Automatically refresh short-lived PyPI token in long running Trusted Publishing uploads.

  In the event that a trusted publishing upload job is taking longer than the validity period of a trusted publishing token (15 minutes at the time of this writing), and we are already 10 minutes into that validity period, we will begin to attempt to replace the token on each subsequent request. ([#1246](https://github.com/pypa/twine/issues/1246) <https://github.com/pypa/twine/issues/1246>_)

Bugfixes ^^^^^^^^

• Fix compatibility kludge for invalid License-File metadata entries emitted by build backends to work also with packaging version 24.0. ([#1217](https://github.com/pypa/twine/issues/1217) <https://github.com/pypa/twine/issues/1217>_)
• Fix a couple of incorrectly rendered error messages. ([#1224](https://github.com/pypa/twine/issues/1224) <https://github.com/pypa/twine/issues/1224>_)
• twine now enforces keyring >= 21.2.0, which was previously implicitly required by API usage. ([#1229](https://github.com/pypa/twine/issues/1229) <https://github.com/pypa/twine/issues/1229>_)
• twine now catches configparser.Error to prevent accidental leaks of secret tokens or passwords to the user's console. ([#1240](https://github.com/pypa/twine/issues/1240) <https://github.com/pypa/twine/issues/1240>_)

Deprecations and Removals ^^^^^^^^^^^^^^^^^^^^^^^^^

• Remove hacks that support --skip-existing for indexes other than PyPI and TestPyPI.

  To date, these hacks continue to accrue and there have been numerous issues with them, not the least of which being that every time we update them, the paid index providers change things to break the compatibility we implement for them. Beyond that, these hacks do not work when text is internationalized in the response from the index provider.

  For a sample of past issues, see:

  • pypa/twine#1251

  • pypa/twine#918

  • pypa/twine#856

  • pypa/twine#693

  • pypa/twine#332 ([#1251](https://github.com/pypa/twine/issues/1251) <https://github.com/pypa/twine/issues/1251>_)

... (truncated)

Commits

• 14ceb29 Update changelog for 6.2.0 (#1264)
• 60e377b build(deps): bump actions/checkout from 4.2.2 to 5.0.0 (#1263)
• 88821f2 feat(package): remove MD5 hashing entirely (#1262)
• ce5fe53 build(deps): bump actions/download-artifact from 4.3.0 to 5.0.0
• 6a696ed PEP 639 compliance
• 9175334 rename 1247.misc.rst to changelog/1247.misc.rst
• d94a475 fix(tests): update expected error message
• c1c02d1 Remove --skip-existing support for non-PyPI indices
• a24d308 Set trusted publishing logging to INFO/WARN (#1247)
• becf1a8 Fix py3.9 mypy error in __init__ around PackageMetadata
• Additional commits viewable in compare view

Updates pylint from 3.3.7 to 4.0.4

Commits

• e16f942 Bump pylint to 4.0.4, update changelog
• 657b386 [Backport maintenance/4.0.x] [invalid-name] Fix FP for exclusive assignment o...
• 03f8a92 [Backport maintenance/4.0.x] fix: avoid false positive when module-level name...
• 84b6552 Bump pylint to 4.0.3, update changelog (#10741)
• 77b0cd8 [Backport maintenance/4.0.x] fix(expand_modules): pass ignore_list to modutil...
• 755f2d0 [Backport maintenance/4.0.x] Upgrade astroid to 4.0.2 (#10733)
• c96a9e4 [Backport maintenance/4.0.x] Fix crash when a variable annotation is used as ...
• 108191e [Backport maintenance/4.0.x] Fix a false positive for class attribute typed w...
• 0ed8172 [Backport maintenance/4.0.x] Fix crash when a slice object is called (#10728)
• b128b7d [Backport maintenance/4.0.x] Fix a false positive for ``unbalanced-tuple-unpa...
• Additional commits viewable in compare view

Updates tox from 4.27.0 to 4.34.1

Release notes

Sourced from tox's releases.

4.34.1

What's Changed

• fix: wheel corruption when running parallel tox processes by @​gaborbernat in tox-dev/tox#3667

Full Changelog: tox-dev/tox@4.34.0...4.34.1

4.34.0

What's Changed

• feat: Support depenedcy groups with self references by @​Czaki in tox-dev/tox#3666

Full Changelog: tox-dev/tox@4.33.0...4.34.0

4.33.0

What's Changed

• Pass LOCALAPPDATA by default on Windows (#3639) by @​clint-lawrence in tox-dev/tox#3640
• Docs: Add caution about ranges like py{39-314} by @​ferdnyc in tox-dev/tox#3652
• CLI Parser: Drop epilog message for Sphinx help by @​ferdnyc in tox-dev/tox#3653
• 📚 Integrate sphinx-issues extension by @​webknjaz in tox-dev/tox#3655
• Fix sphinx doc build by @​gaborbernat in tox-dev/tox#3662
• feat: add conditional set_env support via PEP-496 markers by @​gaborbernat in tox-dev/tox#3663

New Contributors

• @​clint-lawrence made their first contribution in tox-dev/tox#3640
• @​ferdnyc made their first contribution in tox-dev/tox#3652

Full Changelog: tox-dev/tox@4.32.0...4.33.0

4.32.0

What's Changed

• docs: Add Python 3.14 and 3.14t to config examples by @​cclauss in tox-dev/tox#3626
• Fix broken log message (in that branch it did not match the arguments). by @​ionelmc in tox-dev/tox#3634
• Allow braced range syntax in internal sections of tox.ini file by @​marcosboger in tox-dev/tox#3631
• fix: ensure log folder is created before writing the execution logs by @​ssbarnea in tox-dev/tox#3633
• TST: add weekly compatibility checks for CPython 3.15 by @​neutrinoceros in tox-dev/tox#3629

New Contributors

• @​ionelmc made their first contribution in tox-dev/tox#3634
• @​marcosboger made their first contribution in tox-dev/tox#3631
• @​neutrinoceros made their first contribution in tox-dev/tox#3629

... (truncated)

Changelog

Sourced from tox's changelog.

v4.34.1 (2026-01-09)

Bugfixes - 4.34.1

- Fix wheel corruption errors when the build backend updates the file in place - by :user:`gaborbernat`. (:issue:`3667`)
v4.34.0 (2026-01-08)
Features - 4.34.0

• Support installing extras from the current project in dependency groups. -- by :user:czaki. (:issue:3561)

v4.33.0 (2026-01-02)

Features - 4.33.0

- Add support for conditional ``set_env`` using PEP-496 environment markers. In INI format use
  ``VAR=value; marker`` syntax, in TOML format use ``set_env.VAR = { value = "...", marker = "..." }``
  -- by :user:`gaborbernat`. (:issue:`3663`)
Bugfixes - 4.33.0

• Added 'LocalAppData' to the default passed environment variables on Windows. (:issue:3639)

Improved Documentation - 4.33.0

- Sphinx is now set up to use :pypi:`sphinx-issues` for referencing
  GitHub issues and pull requests in the docs -- by :user:`webknjaz`. (:issue:`3202`)
v4.32.0 (2025-10-24)
Bugfixes - 4.32.0
- Expand braced range syntax in all internal sections of ``tox.ini`` (e.g. ``deps``, ``testenv``). Syntax like py3{10-14} can be used in those sections now.
  - by :user:`marcosboger` (:issue:`3571`)
Improved Documentation - 4.32.0

</code></pre>

<ul>

<li>Add Python 3.14 and 3.14t to config examples

<ul>

<li>by :user:<code>cclauss</code> (:issue:<code>3626</code>)</li>

</ul>

</li>

</ul>

<p>Misc - 4.32.0</p>

<pre><code>- :issue:3629
&lt;/tr&gt;&lt;/table&gt;

</code></pre>

</blockquote>

<p>... (truncated)</p>

</details>

<details>

<summary>Commits</summary>
<ul>

<li><a href="https://github.com/tox-dev/tox/commit/abd774e65195a734ee44a10ab5ba92b19be43bb7&quot;&gt;&lt;code&gt;abd774e&lt;/code&gt;&lt;/a> release 4.34.1</li>

<li><a href="https://github.com/tox-dev/tox/commit/96658e02c176fe246bd72d098211a96e41ea50fa&quot;&gt;&lt;code&gt;96658e0&lt;/code&gt;&lt;/a> fix: use copy instead of hard link for session package views (<a href="https://redirect.github.com/tox-dev/tox/issues/3667&quot;&gt;#3667&lt;/a&gt;)&lt;/li>

<li><a href="https://github.com/tox-dev/tox/commit/078a0f8b67cb69b960f01109de0918aa1ef76a59&quot;&gt;&lt;code&gt;078a0f8&lt;/code&gt;&lt;/a> release 4.34.0</li>

<li><a href="https://github.com/tox-dev/tox/commit/e8a7c0374b768f8f7dd0386be41d2ebb49972df5&quot;&gt;&lt;code&gt;e8a7c03&lt;/code&gt;&lt;/a> feat: Support depenedcy groups with self references (<a href="https://redirect.github.com/tox-dev/tox/issues/3666&quot;&gt;#3666&lt;/a&gt;)&lt;/li>

<li><a href="https://github.com/tox-dev/tox/commit/8a69efd8addef58643f2c89f13bcecb82d04df51&quot;&gt;&lt;code&gt;8a69efd&lt;/code&gt;&lt;/a> Update weekly.yaml</li>

<li><a href="https://github.com/tox-dev/tox/commit/9c5fe79ef5b590ccc121f73d3e76cee45757efae&quot;&gt;&lt;code&gt;9c5fe79&lt;/code&gt;&lt;/a> release 4.33.0</li>

<li><a href="https://github.com/tox-dev/tox/commit/c5698682b460b8997c9733c45333c2ba16d59600&quot;&gt;&lt;code&gt;c569868&lt;/code&gt;&lt;/a> feat: add conditional set_env support via PEP-508 markers (<a href="https://redirect.github.com/tox-dev/tox/issues/3663&quot;&gt;#3663&lt;/a&gt;)&lt;/li>

<li><a href="https://github.com/tox-dev/tox/commit/7b9610e5bca64acb9bc262a4b3a69ce9ee991d91&quot;&gt;&lt;code&gt;7b9610e&lt;/code&gt;&lt;/a> fix: update for Sphinx 9.1 compatibility (<a href="https://redirect.github.com/tox-dev/tox/issues/3662&quot;&gt;#3662&lt;/a&gt;)&lt;/li>

<li><a href="https://github.com/tox-dev/tox/commit/fa518018e01ca638ff03902009da1269bde089d6&quot;&gt;&lt;code&gt;fa51801&lt;/code&gt;&lt;/a> [pre-commit.ci] pre-commit autoupdate (<a href="https://redirect.github.com/tox-dev/tox/issues/3661&quot;&gt;#3661&lt;/a&gt;)&lt;/li>

<li><a href="https://github.com/tox-dev/tox/commit/29cdaabbe0416631346787da4c018f4a843e3a31&quot;&gt;&lt;code&gt;29cdaab&lt;/code&gt;&lt;/a> [pre-commit.ci] pre-commit autoupdate (<a href="https://redirect.github.com/tox-dev/tox/issues/3659&quot;&gt;#3659&lt;/a&gt;)&lt;/li>

<li>Additional commits viewable in <a href="https://github.com/tox-dev/tox/compare/4.27.0...4.34.1&quot;&gt;compare view</a></li>

</ul>

</details>
<br />


Updates tox-gh-actions from 3.3.0 to 3.5.0

Release notes
Sourced from tox-gh-actions's releases.

v3.5.0
What's Changed

Add support for free-threading Python builds by @​ymyzk in ymyzk/tox-gh-actions#228
GitHub Actions: macOS 13 runner image is closing down by @​cclauss in ymyzk/tox-gh-actions#227

Full Changelog: https://github.com/ymyzk/tox-gh-actions/compare/v3.4.0...v3.5.0
v3.4.0
What's Changed

GitHub Actions: Add Python 3.14 to the testing by @​cclauss in ymyzk/tox-gh-actions#223
Add PyPy 3.11 to CI by @​ymyzk in ymyzk/tox-gh-actions#203
README.md: Modernize versions of Python, Django, and GitHub Actions by @​cclauss in ymyzk/tox-gh-actions#225
Introduce pre-commit by @​ymyzk in ymyzk/tox-gh-actions#202
Set up Dependabot by @​ymyzk in ymyzk/tox-gh-actions#204
Update tox-gh-actions 2.x support status by @​ymyzk in ymyzk/tox-gh-actions#205
Bump codecov/codecov-action from 2 to 5 by @​dependabot[bot] in ymyzk/tox-gh-actions#207
Clean up unused CodeQL configuration by @​ymyzk in ymyzk/tox-gh-actions#211
Bump actions/setup-python from 4 to 5 by @​dependabot[bot] in ymyzk/tox-gh-actions#209
Migrate package metadata into pyproject.toml by @​ymyzk in ymyzk/tox-gh-actions#210
Bump actions/checkout from 1 to 4 by @​dependabot[bot] in ymyzk/tox-gh-actions#208
Set permissions explicitly in GitHub Actions by @​ymyzk in ymyzk/tox-gh-actions#212
Pin third-party GitHub actions using commit hash by @​ymyzk in ymyzk/tox-gh-actions#213
Bump codecov/codecov-action from 5.3.1 to 5.4.0 by @​dependabot[bot] in ymyzk/tox-gh-actions#214
Bump actions/download-artifact from 4 to 5 by @​dependabot[bot] in ymyzk/tox-gh-actions#217
Bump actions/setup-python from 5 to 6 by @​dependabot[bot] in ymyzk/tox-gh-actions#221
Bump codecov/codecov-action from 5.4.0 to 5.5.1 by @​dependabot[bot] in ymyzk/tox-gh-actions#222
Bump pypa/gh-action-pypi-publish from 1.12.4 to 1.13.0 by @​dependabot[bot] in ymyzk/tox-gh-actions#220
Bump actions/checkout from 4 to 5 by @​dependabot[bot] in ymyzk/tox-gh-actions#218
Add PyPI project URL to packaging workflow environment by @​ymyzk in ymyzk/tox-gh-actions#226

New Contributors

@​dependabot[bot] made their first contribution in ymyzk/tox-gh-actions#207

Full Changelog: https://github.com/ymyzk/tox-gh-actions/compare/v3.3.0...v3.4.0



Commits

dd8e04b Merge pull request #228 from ymyzk/free-threading
3d35511 Add support for free-threading Python builds
8deb697 Merge pull request #227 from cclauss/macos-13-intel
9251a8c Upgrade from deprecated macos-13 to macos-15-intel in CI
4fadf65 Merge pull request #226 from ymyzk/pypi-publish-env-url
2afbfde Add PyPI project URL to packaging workflow environment
c0f8b1d Merge pull request #225 from cclauss/update-README.md
f71f412 Merge pull request #218 from ymyzk/dependabot/github_actions/actions/checkout-5
5d0e50c Bump actions/checkout from 4 to 5
6ae0a5f Merge pull request #220 from ymyzk/dependabot/github_actions/pypa/gh-action-p...
Additional commits viewable in compare view




Updates astroid from 3.3.11 to 4.0.3

Release notes
Sourced from astroid's releases.

v4.0.3
What's New in astroid 4.0.3?
Release date: 2026-01-03


Fix inference of IfExp (ternary expression) nodes to avoid prematurely narrowing
results in the face of inference ambiguity.
Closes #2899


Fix base class inference for dataclasses using the PEP 695 typing syntax.
Refs pylint-dev/pylint#10788


v4.0.2
What's New in astroid 4.0.2?
Release date: 2025-11-09


Handle FunctionDef blockstart_tolineno edge cases correctly.
Refs #2880


Add HTTPMethod enum support to brain module for Python 3.11+.
Refs pylint-dev/pylint#10624
Closes #2877


v4.0.1
What's New in astroid 4.0.1?
Release date: 2025-10-11


Suppress SyntaxWarning for invalid escape sequences and return in finally on
Python 3.14 when parsing modules.


Assign Import and ImportFrom nodes to module locals if used with global.
Closes pylint-dev/pylint#10632


v4.0.0
What's New in astroid 4.0.0?
Release date: 2025-10-05


Support constraints from ternary expressions in inference.
Closes pylint-dev/pylint#9729


Handle deprecated bool(NotImplemented) cast in const nodes.




... (truncated)


Changelog
Sourced from astroid's changelog.

What's New in astroid 4.0.3?
Release date: 2026-01-03


Fix inference of IfExp (ternary expression) nodes to avoid prematurely narrowing
results in the face of inference ambiguity.
Closes #2899


Fix base class inference for dataclasses using the PEP 695 typing syntax.
Refs pylint-dev/pylint#10788


What's New in astroid 4.0.2?
Release date: 2025-11-09


Handle FunctionDef blockstart_tolineno edge cases correctly.
Refs #2880


Add HTTPMethod enum support to brain module for Python 3.11+.
Refs pylint-dev/pylint#10624
Closes #2877


What's New in astroid 4.0.1?
Release date: 2025-10-11


Suppress SyntaxWarning for invalid escape sequences and return in finally on
Python 3.14 when parsing modules.


Assign Import and ImportFrom nodes to module locals if used with global.
Closes pylint-dev/pylint#10632


What's New in astroid 4.0.0?
Release date: 2025-10-05


Support constraints from ternary expressions in inference.
Closes pylint-dev/pylint#9729


Handle deprecated bool(NotImplemented) cast in const nodes.


Add support for boolean truthiness constraints (x, not x) in inference.




... (truncated)


Commits

b978037 Bump astroid to 4.0.3, update changelog
5476bc3 [Backport maintenance/4.0.x] Wrong inference with default argument values (#2...
ae761dc [Backport maintenance/4.0.x] Fix base class inference for dataclasses with PE...
077c51f [Backport maintenance/4.0.x] [typing] Add sys check guard for typing.Self for...
f3255d1 [Backport maintenance/4.0.x] Skip mypy install for pypy (#2906)
d2823f2 [Backport maintenance/4.0.x] [ci] Fix windows cache key (#2903)
05c79e1 [Backport maintenance/4.0.x] Improve self argument typing (#2904)
a068430 Bump astroid to 4.0.2, update changelog
a5ce4b0 Upgrade pylint to 4.0.0, add mypy to the allowlist
d71bfac [Backport maintenance/4.0.x] Handle FunctionDef blockstart_tolineno edge case...
Additional commits viewable in compare view




Updates babel from 2.17.0 to 2.18.0

Release notes
Sourced from babel's releases.

v2.18.0
Happy 2026! Like last year's release (ahem...), this one too is being made from FOSDEM 2026, in Brussels, Belgium. 🇧🇪
We'll aspire for a less glacial release cycle for 2.19. 😁
Please see CHANGELOG.rst for the detailed change log.
Full Changelog: https://github.com/python-babel/babel/compare/v2.17.0...v2.18.0



Changelog
Sourced from babel's changelog.

Version 2.18.0
Happy 2026! This release is, coincidentally, also being made from FOSDEM.
We will aspire for a slightly less glacial release cadence in this year;
there are interesting features in the pipeline.
Features

* Core: Add `babel.core.get_cldr_version()` by @akx in :gh:`1242`
* Core: Use CLDR 47 by @tomasr8 in :gh:`1210`
* Core: Use canonical IANA zone names in zone_territories by @akx in :gh:`1220`
* Messages: Improve extract performance via ignoring directories early during os.walk by @akx in :gh:`968`
* Messages: Merge in per-format keywords and auto_comments by @akx in :gh:`1243`
* Messages: Update keywords for extraction of dpgettext and dnpgettext by @mardiros in :gh:`1235`
* Messages: Validate all plurals in Python format checker by @tomasr8 in :gh:`1188`
* Time: Use standard library `timezone` instead of `FixedOffsetTimezone` by @akx in :gh:`1203`
Bugfixes



Core: Fix formatting for "Empty locale identifier" exception added in #1164 by @​akx in :gh:1184
Core: Improve handling of no-inheritance-marker in timezone data by @​akx in :gh:1194
Core: Make the number pattern regular expression more efficient by @​akx in :gh:1213
Messages: Keep translator comments next to the translation function call by @​akx in :gh:1196
Numbers: Fix KeyError that occurred when formatting compact currencies of exactly one thousand in several locales  by @​bartbroere in :gh:1246

Other improvements

* Core: Avoid unnecessary uses of `map()` by @akx in :gh:`1180`
* Messages: Have init-catalog create directories too by @akx in :gh:`1244`
* Messages: Optimizations for read_po by @akx in :gh:`1200`
* Messages: Use pathlib.Path() in catalog frontend; improve test coverage by @akx in :gh:`1204`
Infrastructure and documentation



CI: Renovate CI & lint tools by @​akx in :gh:1228
CI: Tighten up CI with Zizmor by @​akx in :gh:1230
CI: make job permissions explicit by @​akx in :gh:1227
Docs: Add SECURITY.md by @​akx in :gh:1229
Docs: Remove u string prefix from docs by @​verhovsky in :gh:1174
Docs: Update dates.rst with current unicode.org tr35 link by @​clach04 in :gh:1189
General: Add some PyPI classifiers by @​tomasr8 in :gh:1186
General: Apply reformatting by hand and with Ruff by @​akx in :gh:1202
General: Test on and declare support for Python 3.14 by @​akx in :gh:1233



... (truncated)


Commits

56c63ca Prepare for 2.18.0 (#1248)
73015a1 Add user-agent to CLDR downloader (#1247)
29bd362 Fix formatting compact currencies of exactly one thousand in several locales ...
851db43 Reuse InitCatalog's guts in UpdateCatalog (#1244)
fd00e60 Extract: Merge in per-format keywords and auto_comments (#1243)
12a14b6 Add dpgettext and dnpgettext support (#1235)
7110e62 Use canonical IANA zone names in zone_territories (#1220)
e91c346 Improve extract performance via ignoring directories early during os.walk (#968)
0c4f378 Convert Unittest testcases with setup/teardown to fixtures (#1240)
218c96e Add babel.core.get_cldr_version() (#1242)
Additional commits viewable in compare view




Updates beautifulsoup4 from 4.13.4 to 4.14.3
Updates cachetools from 6.1.0 to 7.0.0

Changelog
Sourced from cachetools's changelog.

v7.0.0 (2026-02-01)


Require Python 3.10 or later (breaking change).


Drop support for passing info as fourth positional parameter to
@cached (breaking change).


Drop support for cache(self) returning None with
@cachedmethod (breaking change).


Convert the @cachedmethod wrappers to descriptors, deprecating
its use with class methods and instances that do not provide a
mutable __dict__ attribute (potentially breaking change).


Convert the previously undocumented @cachedmethod attributes
(cache, cache_lock, etc.) to properties for instance
methods, providing official support and documentation (potentially
breaking change).


Add an optional info parameter to the @cachedmethod
decorator for reporting per-instance cache statistics.  Note that
this requires the instance's __dict__ attribute to be a mutable
mapping.


v6.2.6 (2026-01-27)


Improve typedkey performance.


Minor documentation improvements.


Minor testing improvements.


Minor code readability improvements.


v6.2.5 (2026-01-25)


Improve documentation regarding @cachedmethod with lock
parameter.


Add test cases for cache stampede scenarios.


Update CI environment.


v6.2.4 (2025-12-15)


... (truncated)


Commits

28bbcba Release v7.0.0.
45776b2 Minor code and documentation improvements.
51a70a9 Fix #357: Update documentation.
bb72c21 Fix #357: Add cache_info() support for @​cachedmethod.
86352ae Fix #357: Convert @​cachedmethod decorators to descriptors.
263cf31 Prepare v7.0.0.
59d4db2 Drop support for cache(self) returning None in @​cachedmethod.
c933a97 Drop support for passing "info" as fourth positional parameter of @​cached.
ae3d6bd Drop support for Python 3.9.
a12c3b0 Bump actions/checkout from 6.0.1 to 6.0.2
Additional commits viewable in compare view




Updates certifi from 2025.7.14 to 2026.1.4

Commits

c64d9f3 2026.01.04 (#389)
4ac232f Bump actions/download-artifact from 6.0.0 to 7.0.0 (#387)
95ae4b2 Update CI workflow to use Ubuntu 24.04 and Python 3.14 stable (#386)
b72a7b1 Bump dessant/lock-threads from 5.0.1 to 6.0.0 (#385)
ecc2672 Bump actions/upload-artifact from 5.0.0 to 6.0.0 (#384)
6a897db Bump peter-evans/create-pull-request from 7.0.11 to 8.0.0 (#383)
27ca98a Bump peter-evans/create-pull-request from 7.0.9 to 7.0.11 (#381)
56c59a6 Bump actions/checkout from 6.0.0 to 6.0.1 (#382)
ae0021c Bump actions/setup-python from 6.0.0 to 6.1.0 (#380)
ddf5d0b Bump actions/checkout from 5.0.1 to 6.0.0 (#378)
Additional commits viewable in compare view




Updates cffi from 1.17.1 to 2.0.0

Release notes
Sourced from cffi's releases.

v2.0.0
What's Changed

Add Python 3.14 support.
Add CPython free-threaded support (3.14t+ only) - huge thanks to the folks at Quansight Labs for all the work to get this one sorted!
Drop Python <= 3.8 support.
Fix order dependency affecting nested type size calculation (#148).

Full Changelog: https://github.com/python-cffi/cffi/compare/v1.17.1...v2.0.0
v2.0.0b1
What's Changed

Add Python 3.14 support.
Add CPython free-threaded support (3.14t+ only).
Drop Python <= 3.8 support.
Fix order dependency affecting nested type size calculation (#148).

Full Changelog: https://github.com/python-cffi/cffi/compare/v1.17.1...v2.0.0b1



Commits

6366c01 release 2.0.0 (#196)
95c8476 2.0.0 post beta backports (#195)
195cbda Release 2.0.0b1 (#183)
b4bbe79 fix version test to support beta
7ed073d Add support for the free-threaded build (#178)
67a170d Change the license from MIT to MIT-no-attribution, which is the same without ...
92645ec Add Python 3.14 support/testing (#177)
2b81170 doc: update test commands in Section Testing/development tips (#158)
25172b8 doc: update year (#153)
b57a92c issue 147: force-compute nested structs before parent structs.  Occurs mainly...
Additional commits viewable in compare view




Updates charset-normalizer from 3.4.2 to 3.4.4

Release notes
Sourced from charset-normalizer's releases.

Version 3.4.4
3.4.4 (2025-10-13)
Changed

Bound setuptools to a specific constraint setuptools>=68,<=81.
Raised upper bound of mypyc for the optional pre-built extension to v1.18.2

Removed

setuptools-scm as a build dependency.

Misc

Enforced hashes in dev-requirements.txt and created ci-requirements.txt for security purposes.
Additional pre-built wheels for riscv64, s390x, and armv7l architectures.
Restore multiple.intoto.jsonl in GitHub releases in addition to individual attestation file per wheel.

Version 3.4.3
3.4.3 (2025-08-09)
Changed

mypy(c) is no longer a required dependency at build time if CHARSET_NORMALIZER_USE_MYPYC isn't set to 1. (#595) (#583)
automatically lower confidence on small bytes samples that are not Unicode in detect output legacy function. (#391)

Added

Custom build backend to overcome inability to mark mypy as an optional dependency in the build phase.
<...
Description has been truncated

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.