Bump the everything-else group across 1 directory with 50 updates

[dependabot]

Updates the requirements on setuptools, wheel, astroid, babel, beautifulsoup4, build, cachetools, certifi, cffi, chardet, charset-normalizer, cryptography, dill, distlib, docutils, exceptiongroup, filelock, idna, imagesize, importlib-metadata, iniconfig, isort, jaraco-context, jaraco-functools, keyring, markdown-it-py, markupsafe, mdit-py-plugins, more-itertools, nh3, packaging, platformdirs, pycparser, pygments, pylint, pyproject-api, pyyaml, requests, rich, secretstorage, soupsieve, tomli, tomlkit, tox, tox-gh-actions, twine, typing-extensions, urllib3, virtualenv and zipp to permit the latest version.
Updates setuptools to 82.0.1

Changelog

Sourced from setuptools's changelog.

v82.0.1

Bugfixes

• Fix the loading of launcher manifest.xml file. (#5047)
• Replaced deprecated json.__version__ with fixture in tests. (#5186)

Improved Documentation

• Add advice about how to improve predictability when installing sdists. (#5168)

Misc

• #4941, #5157, #5169, #5175

v82.0.0

Deprecations and Removals

• pkg_resources has been removed from Setuptools. Most common uses of pkg_resources have been superseded by the importlib.resources <https://docs.python.org/3/library/importlib.resources.html>_ and importlib.metadata <https://docs.python.org/3/library/importlib.metadata.html>_ projects. Projects and environments relying on pkg_resources for namespace packages or other behavior should depend on older versions of setuptools. (#3085)

v81.0.0

Deprecations and Removals

• Removed support for the --dry-run parameter to setup.py. This one feature by its nature threads through lots of core and ancillary functionality, adding complexity and friction. Removal of this parameter will help decouple the compiler functionality from distutils and thus the eventual full integration of distutils. These changes do affect some class and function signatures, so any derivative functionality may require some compatibility shims to support their expected interface. Please report any issues to the Setuptools project for investigation. (#4872)

v80.10.2

Bugfixes

• Update vendored dependencies. (#5159)

Misc

... (truncated)

Commits

• 5a13876 Bump version: 82.0.0 → 82.0.1
• 51ab8f1 Avoid using (deprecated) 'json.version' in tests (#5194)
• f9c37b2 Docs/CI: Fix intersphinx references (#5195)
• 8173db2 Docs: Fix intersphinx references
• 09bafbc Fix past tense on newsfragment
• 461ea56 Add news fragment
• c4ffe53 Avoid using (deprecated) 'json.version' in tests
• 749258b Cleanup pkg_resources dependencies and configuration (#5175)
• 2019c16 Parse ext-module.define-macros from pyproject.toml as list of tuples (#5169)
• b809c86 Sync setuptools schema with validate-pyproject (#5157)
• Additional commits viewable in compare view

Updates wheel to 0.46.3

Release notes

Sourced from wheel's releases.

0.46.3

• Fixed ImportError: cannot import name '_setuptools_logging' from 'wheel' when installed alongside an old version of setuptools and running the bdist_wheel command (#676)

Changelog

Sourced from wheel's changelog.

Release Notes

UNRELEASED

• Added the wheel info subcommand to display metadata about wheel files without unpacking them ([#639](https://github.com/pypa/wheel/issues/639) <https://github.com/pypa/wheel/issues/639>_)

0.46.3 (2026-01-22)

• Fixed ImportError: cannot import name '_setuptools_logging' from 'wheel' when installed alongside an old version of setuptools and running the bdist_wheel command ([#676](https://github.com/pypa/wheel/issues/676) <https://github.com/pypa/wheel/issues/676>_)

0.46.2 (2026-01-22)

• Restored the bdist_wheel command for compatibility with setuptools older than v70.1
• Importing wheel.bdist_wheel now emits a FutureWarning instead of a DeprecationWarning
• Fixed wheel unpack potentially altering the permissions of files outside of the destination tree with maliciously crafted wheels (CVE-2026-24049)

0.46.1 (2025-04-08)

• Temporarily restored the wheel.macosx_libfile module ([#659](https://github.com/pypa/wheel/issues/659) <https://github.com/pypa/wheel/issues/659>_)

0.46.0 (2025-04-03)

• Dropped support for Python 3.8
• Removed the bdist_wheel setuptools command implementation and entry point. The wheel.bdist_wheel module is now just an alias to setuptools.command.bdist_wheel, emitting a deprecation warning on import.
• Removed vendored packaging in favor of a run-time dependency on it
• Made the wheel.metadata module private (with a deprecation warning if it's imported
• Made the wheel.cli package private (no deprecation warning)
• Fixed an exception when calling the convert command with an empty description field

0.45.1 (2024-11-23)

• Fixed pure Python wheels converted from eggs and wininst files having the ABI tag in the file name

0.45.0 (2024-11-08)

• Refactored the convert command to not need setuptools to be installed
• Don't configure setuptools logging unless running bdist_wheel

... (truncated)

Commits

• 8b6fa74 Created a new release
• 7445fb5 Fixed an import of a removed module
• eba4036 Updated the version number for v0.46.2
• 557fb54 Created a new release
• 7a7d2de Fixed security issue around wheel unpack (#675)
• 41418fa Fixed test failures due to metadata normalization changes
• c1d442b [pre-commit.ci] pre-commit autoupdate (#674)
• 0bac882 Update github actions environments (#673)
• be9f45b [pre-commit.ci] pre-commit autoupdate (#667)
• 6244f08 Update pre-commit ruff legacy alias (#668)
• Additional commits viewable in compare view

Updates astroid from 3.3.11 to 4.1.2

Release notes

Sourced from astroid's releases.

v4.1.2

What's New in astroid 4.1.2?

Release date: 2026-03-22

• Fix crash accessing property fset in generic classes with type annotations. Closes #2996

• Fix infinite recursion caused by cyclic inference in Constraint.

• Fix RecursionError in _compute_mro() when circular class hierarchies are created through runtime name rebinding. Circular bases are now resolved to the original class instead of recursing.

  Closes #2967 Closes pylint-dev/pylint#10821

• Fix DuplicateBasesError crash in dataclass transform when a class has duplicate bases in its MRO (e.g., Protocol appearing both directly and indirectly). Catch MroError at .mro() call sites in brain_dataclasses.py, consistent with the existing pattern elsewhere.

  Closes #2628

• Fix FunctionModel returning descriptor attributes for builtin functions.

  Closes #2743

• Catch MemoryError when inferring f-strings with extremely large format widths (e.g. f'{0:11111111111}') so that inference yields Uninferable instead of crashing.

  Closes #2762

• Fix ValueError in __str__/repr and error messages when nodes have extreme values (very long identifiers or large integers). Clamp pprint width to a minimum of 1 and truncate oversized values in error messages.

  Closes #2764

v4.1.1

What's New in astroid 4.1.1?

Release date: 2026-02-22

• Let UnboundMethodModel inherit from FunctionModel to improve inference of dunder methods for unbound methods.

  Refs #2741

... (truncated)

Changelog

Sourced from astroid's changelog.

What's New in astroid 4.1.2?

Release date: 2026-03-22

• Fix crash accessing property fset in generic classes with type annotations. Closes #2996

• Fix infinite recursion caused by cyclic inference in Constraint.

• Fix RecursionError in _compute_mro() when circular class hierarchies are created through runtime name rebinding. Circular bases are now resolved to the original class instead of recursing.

  Closes #2967 Closes pylint-dev/pylint#10821

• Fix DuplicateBasesError crash in dataclass transform when a class has duplicate bases in its MRO (e.g., Protocol appearing both directly and indirectly). Catch MroError at .mro() call sites in brain_dataclasses.py, consistent with the existing pattern elsewhere.

  Closes #2628

• Fix FunctionModel returning descriptor attributes for builtin functions.

  Closes #2743

• Catch MemoryError when inferring f-strings with extremely large format widths (e.g. f'{0:11111111111}') so that inference yields Uninferable instead of crashing.

  Closes #2762

• Fix ValueError in __str__/repr and error messages when nodes have extreme values (very long identifiers or large integers). Clamp pprint width to a minimum of 1 and truncate oversized values in error messages.

  Closes #2764

What's New in astroid 4.1.1?

Release date: 2026-02-22

• Let UnboundMethodModel inherit from FunctionModel to improve inference of dunder methods for unbound methods.

  Refs #2741

• Filter Unknown from UnboundMethod and Super special attribute

... (truncated)

Commits

• 91dac13 Bump astroid to 4.1.2, update changelog (#3011)
• 796eba8 objectmodel: fix crash analyzing property fset in generic classes with type a...
• ca814f0 Update CI workflow to include maintenance branch (#2999)
• 7593877 [Backport maintenance/4.1.x] Fix cyclic inference by constraints (#2998)
• 3f63f90 Fix builtin functions incorrectly exposing descriptor attributes (#2983)
• be7479e Fix ValueError in str/repr and error messages with extreme values (#2971)
• 1c9938d Fix RecursionError in _compute_mro() on circular class hierarchies (#2968)
• 98938ad [Backport maintenance/4.1.x] Fix DuplicateBasesError crash in dataclass trans...
• 33fabe0 [Backport maintenance/4.1.x] Fix MemoryError when inferring f-string with lar...
• f11d7ae Bump astroid to 4.1.1, update changelog
• Additional commits viewable in compare view

Updates babel from 2.17.0 to 2.18.0

Release notes

Sourced from babel's releases.

v2.18.0

Happy 2026! Like last year's release (ahem...), this one too is being made from FOSDEM 2026, in Brussels, Belgium. 🇧🇪 We'll aspire for a less glacial release cycle for 2.19. 😁

Please see CHANGELOG.rst for the detailed change log.

Full Changelog: python-babel/babel@v2.17.0...v2.18.0

Changelog

Sourced from babel's changelog.

Version 2.18.0

Happy 2026! This release is, coincidentally, also being made from FOSDEM.

We will aspire for a slightly less glacial release cadence in this year; there are interesting features in the pipeline.

Features

* Core: Add `babel.core.get_cldr_version()` by @akx in :gh:`1242`
* Core: Use CLDR 47 by @tomasr8 in :gh:`1210`
* Core: Use canonical IANA zone names in zone_territories by @akx in :gh:`1220`
* Messages: Improve extract performance via ignoring directories early during os.walk by @akx in :gh:`968`
* Messages: Merge in per-format keywords and auto_comments by @akx in :gh:`1243`
* Messages: Update keywords for extraction of dpgettext and dnpgettext by @mardiros in :gh:`1235`
* Messages: Validate all plurals in Python format checker by @tomasr8 in :gh:`1188`
* Time: Use standard library `timezone` instead of `FixedOffsetTimezone` by @akx in :gh:`1203`
Bugfixes

• Core: Fix formatting for "Empty locale identifier" exception added in #1164 by @​akx in :gh:1184
• Core: Improve handling of no-inheritance-marker in timezone data by @​akx in :gh:1194
• Core: Make the number pattern regular expression more efficient by @​akx in :gh:1213
• Messages: Keep translator comments next to the translation function call by @​akx in :gh:1196
• Numbers: Fix KeyError that occurred when formatting compact currencies of exactly one thousand in several locales by @​bartbroere in :gh:1246

Other improvements

* Core: Avoid unnecessary uses of `map()` by @akx in :gh:`1180`
* Messages: Have init-catalog create directories too by @akx in :gh:`1244`
* Messages: Optimizations for read_po by @akx in :gh:`1200`
* Messages: Use pathlib.Path() in catalog frontend; improve test coverage by @akx in :gh:`1204`
Infrastructure and documentation

• CI: Renovate CI & lint tools by @​akx in :gh:1228
• CI: Tighten up CI with Zizmor by @​akx in :gh:1230
• CI: make job permissions explicit by @​akx in :gh:1227
• Docs: Add SECURITY.md by @​akx in :gh:1229
• Docs: Remove u string prefix from docs by @​verhovsky in :gh:1174
• Docs: Update dates.rst with current unicode.org tr35 link by @​clach04 in :gh:1189
• General: Add some PyPI classifiers by @​tomasr8 in :gh:1186
• General: Apply reformatting by hand and with Ruff by @​akx in :gh:1202
• General: Test on and declare support for Python 3.14 by @​akx in :gh:1233

... (truncated)

Commits

• 56c63ca Prepare for 2.18.0 (#1248)
• 73015a1 Add user-agent to CLDR downloader (#1247)
• 29bd362 Fix formatting compact currencies of exactly one thousand in several locales ...
• 851db43 Reuse InitCatalog's guts in UpdateCatalog (#1244)
• fd00e60 Extract: Merge in per-format keywords and auto_comments (#1243)
• 12a14b6 Add dpgettext and dnpgettext support (#1235)
• 7110e62 Use canonical IANA zone names in zone_territories (#1220)
• e91c346 Improve extract performance via ignoring directories early during os.walk (#968)
• 0c4f378 Convert Unittest testcases with setup/teardown to fixtures (#1240)
• 218c96e Add babel.core.get_cldr_version() (#1242)
• Additional commits viewable in compare view

Updates beautifulsoup4 from 4.13.4 to 4.14.3

Updates build from 1.2.2.post1 to 1.4.3

Release notes

Sourced from build's releases.

1.4.3

What's Changed

• 🐛 fix(api): resolve thread-safety races in build API by @​gaborbernat in pypa/build#1015
• 🐛 fix(builder): validate backend-path entries exist on disk by @​gaborbernat in pypa/build#1016
• test: cover config settings build paths by @​terminalchai in pypa/build#992
• Add kind=(step, ) for root messages with * by @​abitrolly in pypa/build#973
• fix: correct changelog category ordering by @​gaborbernat in pypa/build#1017
• 🐛 fix(cli): show full dependency chain in missing deps error by @​gaborbernat in pypa/build#1019
• tests: fully annotate by @​henryiii in pypa/build#1020
• chore: lazy imports by @​henryiii in pypa/build#1021
• chore: adding more ruff codes by @​henryiii in pypa/build#1022
• tests: improve annotations by @​henryiii in pypa/build#1023
• 🧪 test(coverage): achieve 100% test coverage by @​gaborbernat in pypa/build#1018
• chore: add ruff PT by @​henryiii in pypa/build#1025
• chore: add ruff PYI by @​henryiii in pypa/build#1026
• chore: add ruff SIM/RET by @​henryiii in pypa/build#1028
• 🐛 fix(env): strip PYTHONPATH from isolated builds by @​gaborbernat in pypa/build#1024
• chore: use ruff ALL by @​henryiii in pypa/build#1029
• 🐛 fix(env): prevent pip credential hang with private indexes by @​gaborbernat in pypa/build#1030
• 🐛 fix(check_dependency): verify URL reqs via PEP 610 by @​gaborbernat in pypa/build#1027

New Contributors

• @​terminalchai made their first contribution in pypa/build#992

Full Changelog: pypa/build@1.4.2...1.4.3

1.4.2

What's Changed

• fix(uv): always pass the python to use by @​henryiii in pypa/build#996
• 🐛 fix(release): detect pre-commit environment inconsistencies by @​gaborbernat in pypa/build#1001
• 🔧 fix(towncrier): match docstrfmt RST formatting expectations by @​gaborbernat in pypa/build#1002
• Fix _has_valid_outer_pip when pip is missing by @​notatallshaw in pypa/build#1003
• fix: release changelog issue by @​henryiii in pypa/build#1006

New Contributors

• @​notatallshaw made their first contribution in pypa/build#1003

Full Changelog: pypa/build@1.4.1...1.4.2

1.4.1

What's Changed

• Fix documentation grammar and typos by @​DimitriPapadopoulos in pypa/build#979
• Allow setting build constraints by @​layday in pypa/build#963
• fix: pip hack workaround by @​henryiii in pypa/build#980

... (truncated)

Changelog

Sourced from build's changelog.

#################### 1.4.3 (2026-04-10) ####################

---

Features

---

• Add kind parameter to log messages to separate semantic and representation - by :user:abitrolly (:issue:973)

---

Bugfixes

---

• Strip PYTHONPATH from the environment during isolated builds to prevent host packages from leaking into the build
  • by :user:gaborbernat (:issue:405)
• Pass --no-input to pip to prevent hidden credential prompts that cause hangs, and automatically set PIP_KEYRING_PROVIDER=subprocess (or UV_KEYRING_PROVIDER=subprocess for the uv installer) when the keyring CLI is on PATH -- by :user:gaborbernat (:issue:409)
• check_dependency now reports URL requirements as unmet instead of silently accepting them when a package with the same name is installed - by :user:gaborbernat (:issue:860)
• Fix misleading missing dependency error display where transitive dependency chains showed the top-level package on a separate line, making it appear as if the top-level package itself was missing - by :user:gaborbernat (:issue:875)
• Fix towncrier template to generate changelog categories in definition order - by :user:gaborbernat (:issue:1007)
• Resolve thread-safety races in the build API - by :user:gaborbernat (:issue:1015)
• Validate backend-path entries exist on disk with a clear error - by :user:gaborbernat (:issue:1016)

---

Miscellaneous

---

• :issue:1020, :issue:1021

#################### 1.4.2 (2026-03-25) ####################

---

Bugfixes

---

• Ensure the uv installer uses the current version of Python, avoiding an issue if UV_PYTHON is set, for example. (:issue:977)
• Fix _has_valid_outer_pip returning True when pip is missing, causing build to try using a non-existent pip instead of falling back to virtualenv. (:issue:1003)

#################### 1.4.1 (2026-03-24) ####################

... (truncated)

Commits

• 130b043 chore: prepare for 1.4.3
• 7642efe 🐛 fix(check_dependency): verify URL reqs via PEP 610 (#1027)
• d407530 🐛 fix(env): prevent pip credential hang with private indexes (#1030)
• b3dc114 chore: use ruff ALL (#1029)
• 27b67b2 🐛 fix(env): strip PYTHONPATH from isolated builds (#1024)
• c1454fd chore: add ruff SIM/RET (#1028)
• 0b1ca1c chore: add ruff PYI (#1026)
• f1dfe82 chore: add ruff PT (#1025)
• 4348292 🧪 test(coverage): achieve 100% test coverage (#1018)
• 5d3390b tests: improve annotations (#1023)
• Additional commits viewable in compare view

Updates cachetools from 6.1.0 to 7.0.5

Changelog

Sourced from cachetools's changelog.

v7.0.5 (2026-03-09)

• Minor @cachedmethod performance improvements.

v7.0.4 (2026-03-08)

• Fix and properly document @cachedmethod.cache_key behavior.

• Minor documentation improvements.

v7.0.3 (2026-03-05)

• Fix DeprecationWarning when creating an autospec mock with @cachedmethod decorations.

v7.0.2 (2026-03-02)

• Provide more efficient clear() implementation for all support Cache classes (courtesy Josep Pon Farreny).

v7.0.1 (2026-02-10)

• Various test improvements.

• Update Copilot Instructions.

v7.0.0 (2026-02-01)

• Require Python 3.10 or later (breaking change).

• Drop support for passing info as fourth positional parameter to @cached (breaking change).

• Drop support for cache(self) returning None with @cachedmethod (breaking change).

• Convert the @cachedmethod wrappers to descriptors, deprecating its use with class methods and instances that do not provide a mutable __dict__ attribute (potentially breaking change).

... (truncated)

Commits

• 5dce86f Release v7.0.5.
• af5e688 Minor @​cachedmethod performance improvements.
• 0ca75e6 Relase v7.0.4.
• 5b1fa39 Prepare v7.0.4.
• 18e5930 Fix #218: Fix and properly document @​cachedmethod.cache_key handling.
• 98ec79f Drop "class method" from @​cachedmethod docstring.
• 93822a3 Release v7.0.3.
• 57d2e48 Fix #387: Handle obj=None case for inspection in _DescriptorBase.
• 8011b71 Release v7.0.2.
• 73d1602 Minor cleanups.
• Additional commits viewable in compare view

Updates certifi from 2025.7.14 to 2026.2.25

Commits

• 8571a4b 2026.02.25 (#395)
• 6f7de00 Bump peter-evans/create-pull-request from 8.0.0 to 8.1.0 (#390)
• a1de59b Bump actions/checkout from 6.0.1 to 6.0.2 (#391)
• 7f5ade5 Bump actions/setup-python from 6.1.0 to 6.2.0 (#392)
• c64d9f3 2026.01.04 (#389)
• 4ac232f Bump actions/download-artifact from 6.0.0 to 7.0.0 (#387)
• 95ae4b2 Update CI workflow to use Ubuntu 24.04 and Python 3.14 stable (#386)
• b72a7b1 Bump dessant/lock-threads from 5.0.1 to 6.0.0 (#385)
• ecc2672 Bump actions/upload-artifact from 5.0.0 to 6.0.0 (#384)
• 6a897db Bump peter-evans/create-pull-request from 7.0.11 to 8.0.0 (#383)
• Additional commits viewable in compare view

Updates cffi from 1.17.1 to 2.0.0

Release notes

Sourced from cffi's releases.

v2.0.0

What's Changed

• Add Python 3.14 support.
• Add CPython free-threaded support (3.14t+ only) - huge thanks to the folks at Quansight Labs for all the work to get this one sorted!
• Drop Python <= 3.8 support.
• Fix order dependency affecting nested type size calculation (#148).

Full Changelog: python-cffi/cffi@v1.17.1...v2.0.0

v2.0.0b1

What's Changed

• Add Python 3.14 support.
• Add CPython free-threaded support (3.14t+ only).
• Drop Python <= 3.8 support.
• Fix order dependency affecting nested type size calculation (#148).

Full Changelog: python-cffi/cffi@v1.17.1...v2.0.0b1

Commits

• 6366c01 release 2.0.0 (#196)
• 95c8476 2.0.0 post beta backports (#195)
• 195cbda Release 2.0.0b1 (#183)
• b4bbe79 fix version test to support beta
• 7ed073d Add support for the free-threaded build (#178)
• 67a170d Change the license from MIT to MIT-no-attribution, which is the same without ...
• 92645ec Add Python 3.14 support/testing (#177)
• 2b81170 doc: update test commands in Section Testing/development tips (#158)
• 25172b8 doc: update year (#153)
• b57a92c issue 147: force-compute nested structs before parent structs. Occurs mainly...
• Additional commits viewable in compare view

Updates chardet from 5.2.0 to 7.4.3

Release notes

Sourced from chardet's releases.

7.4.3

Patch release: fixes a crash when input contains null bytes inside a <meta charset> declaration.

Bug Fixes

• Fixed ValueError: embedded null character crash when input contained a <meta charset> declaration with a null byte in the encoding name (e.g. b'<meta charset="\x00utf-8">'). codecs.lookup() raises ValueError on embedded nulls, and lookup_encoding() was only catching LookupError. Also added defensive ValueError catches in _validate_bytes() and _to_utf8() for completeness. (#369, thanks @​DRMacIver for the report)

Full Changelog: chardet/chardet@7.4.2...7.4.3

7.4.2

Patch release: fixes a crash on short inputs and closes a bunch of WHATWG/IANA alias gaps.

Bug Fixes

• Fixed RuntimeError: pipeline must always return at least one result on ~2% of all possible two-byte inputs (e.g. b"\xf9\x92"). Multi-byte encodings like CP932 and Johab could score above the structural confidence threshold on very short inputs, but then statistical scoring would return nothing, leaving an empty result list instead of falling through to the fallback. (#367, #368, thanks @​jasonwbarnett)

Improvements

• Added ~90 encoding aliases from the WHATWG Encoding Standard and IANA Character Sets registry so that <meta charset> labels like x-cp1252, x-sjis, dos-874, csUTF8, and the cswindows* family all resolve correctly through the markup detection stage. Every alias was driven by a failing spec-compliance test, not speculative. (#366)
• Added a spec-compliance test suite covering Python decode round-trips for all 86 registry encodings, WHATWG label resolution, IANA preferred MIME names, and Unicode/RFC conformance (BOM sniffing, UTF-8 boundary cases, UTF-16 surrogate pairs). This is the test suite that would have caught the 7.4.1 BOM bug before release. (#366)

Full Changelog: chardet/chardet@7.4.1...7.4.2

7.4.1

Bug Fixes

• BOM-prefixed UTF-16/32 input now returns utf-16/utf-32 instead of utf-16-le/utf-16-be/utf-32-le/utf-32-be. The endian-specific codecs don't strip the BOM on decode, so callers were getting a stray U+FEFF at the start of their text. BOM-less detection is unchanged. (#364, #365)

Full Changelog: chardet/chardet@7.4.0...7.4.1

chardet 7.4.0 brings accuracy up to 99.3% (from 98.6% in 7.3.0) and significantly faster cold start thanks to a new dense model format.

What's New

Performance:

• New dense zlib-compressed model format (v2) drops cold start (import + first detect) from ~75ms to ~13ms with mypyc

Accuracy (98.6% → 99.3%):

• Eliminated train/test data overlap via content fingerprinting
• Added MADLAD-400 and Wikipedia as supplemental training sources
• Improved non-ASCII bigram scoring: high-byte bigrams are now preserved during training and weighted by per-bigram IDF
• Encoding-aware substitution filtering (substitutions only apply for characters the target encoding can't represent)
• Increased training samples from 15K to 25K per language/encoding pair

Bug fixes:

• Added dedicated structural analyzers for CP932, CP949, and Big5-HKSCS (these were previously sharing their base encoding's byte-range analyzer, missing extended ranges)

Metrics

| | chardet 7.4.0 (mypyc) | chardet 6.0.0 | charset-normalizer 3.4.6 |

... (truncated)

Changelog

Sourced from chardet's changelog.

7.4.3 (2026-04-13)

Bug Fixes:

• Fixed ValueError: embedded null character crash when input contained a <meta charset> declaration with a null byte in the encoding name (e.g. b'<meta charset="\x00utf-8">'). codecs.lookup() raises ValueError on embedded nulls, and lookup_encoding() was only catching LookupError. Also added defensive ValueError catches in _validate_bytes() and _to_utf8() for completeness. (Dan Blanchard <https://github.com/dan-blanchard>_ via Claude, [#369](https://github.com/chardet/chardet/issues/369) <https://github.com/chardet/chardet/issues/369>_)

7.4.2 (2026-04-12)

Bug Fixes:

• Fixed RuntimeError: pipeline must always return at least one result on ~2% of all possible two-byte inputs (e.g. b"\xf9\x92"). Multi-byte encodings like CP932 and Johab could score above the structural confidence threshold on very short inputs, but then statistical scoring would return nothing, leaving the pipeline with an empty result list instead of falling through to the no_match_encoding fallback. (Jason Barnett <https://github.com/jasonwbarnett>_ via Claude, [#367](https://github.com/chardet/chardet/issues/367) <https://github.com/chardet/chardet/issues/367>, [#368](https://github.com/chardet/chardet/issues/368) <https://github.com/chardet/chardet/pull/368>)

Improvements:

• Added ~90 encoding aliases from the WHATWG Encoding Standard and IANA Character Sets registry so that <meta charset> labels like x-cp1252, x-sjis, dos-874, csUTF8, and the cswindows* family all resolve correctly through the markup detection stage. Every alias was driven by a failing spec-compliance test. (Dan Blanchard <https://github.com/dan-blanchard>_ via Claude, [#366](https://github.com/chardet/chardet/issues/366) <https://github.com/chardet/chardet/pull/366>_)
• Added a spec-compliance test suite covering Python decode round-trips for all 86 registry encodings, WHATWG web-platform label resolution, IANA preferred MIME names, and Unicode/RFC conformance (BOM sniffing, UTF-8 boundary cases, UTF-16 surrogate pairs). This is the test suite that would have caught the 7.4.1 BOM bug before release. (Dan Blanchard <https://github.com/dan-blanchard>_ via Claude, [#366](https://github.com/chardet/chardet/issues/366) <https://github.com/chardet/chardet/pull/366>_)

7.4.1 (2026-04-07)

... (truncated)

Commits

• 8f404a5 docs: set 7.4.3 release date to 2026-04-13
• 7a6667f docs: fix changelog attribution for #369
• a1fc986 docs: changelog for 7.4.3
• 0af01d6 Fix ValueError crash on null bytes in charset declarations (#369)
• 08e4ebc ci: parallelize riscv64 builds across 5 RISE runners
• 2f6e1e9 ci: use python3 -m pip on riscv64 runner
• 204623d ci: invoke cibuildwheel manually on riscv64 runner
• 78c1d20 ci: use native runners for aarch64/riscv64 instead of QEMU
• 3cc0960 docs: changelog for 7.4.2
• 9079efc Fix RuntimeError on ~2% of two-byte inputs (#368)
• Additional commits viewable in compare view

Updates charset-normalizer from 3.4.2 to 3.4.7

Release notes

Sourced from charset-normalizer's releases.

Version 3.4.7

3.4.7 (2026-04-02)

Changed

• Pre-built optimized version using mypy[c] v1.20.
• Relax setuptools constraint to setuptools>=68,<82.1.

Fixed

• Correctly remove SIG remnant in utf-7 decoded string. (#718) (#716)

Version 3.4.6

3.4.6 (2026-03-15)

Changed

• Flattened the logic in charset_normalizer.md for higher performance. Removed eligible(..) and feed(...) in favor of feed_info(...).
• Raised upper bound for mypy[c] to 1.20, for our optimized version.
• Updated UNICODE_RANGES_COMBINED using Unicode blocks v17.

Fixed

• Edge case where noise difference between two candidates can be almost insignificant. (#672)
• CLI --normalize writing to wrong path when passing multiple files in. (#702)

Misc

• Freethreaded pre-built wheels now shipped in PyPI starting with 3.14t. (#616)

Version 3.4.5

3.4.5 (2026-03-06)

Changed

• Update setuptools constraint to setuptools>=68,<=82.
• Raised upper bound of mypyc for the optional pre-built extension to v1.19.1

Fixed

• Add explicit link to lib math in our optimized build. (#692)
• Logger level not restored correctly for empty byte sequences. (#701)
• TypeError when passing bytearray to from_bytes. (#703)

Misc

• Applied safe micro-optimizations in both our noise detector and language detector.
• Rewrote the query_yes_no function (inside CLI) to avoid using ambiguous licensed code.
• Added cd.py submodule into mypyc optional compilation to reduce further the performance impact.

[!WARNING]
mypyc changed the usual binary output for the optimized wheel. Beware, especially if using PyInstaller or alike. See jawah/charset_normalizer#714

Version 3.4.4

3.4.4 (2025-10-13)

Changed

... (truncated)

Changelog

Sourced from charset-normalizer's changelog.

3.4.7 (2026-04-02)

Changed

• Pre-built optimized version using mypy[c] v1.20.
• Relax setuptools constraint to setuptools>=68,<82.1.

Fixed

• Correctly remove SIG remnant in utf-7 decoded string. (#718) (#716)

3.4.6 (2026-03-15)

Changed

• Flattened the logic in ...

  Description has been truncated