Bump selenium from 4.36.0 to 4.39.0

[dependabot]

Bumps selenium from 4.36.0 to 4.39.0.

Release notes

Sourced from selenium's releases.

Selenium 4.39.0

Detailed Changelogs by Component

Java     |     Python     |     DotNet     |     Ruby     |     JavaScript

What's Changed

• [atoms] fix text node children are always considered as displayed #16284 by @​joerg1985 in SeleniumHQ/selenium#16329
• [grid] Enhance UI with theme integration and improved status indicators by @​VietND96 in SeleniumHQ/selenium#16512
• [py][bidi]: add emulation command - set_locale_override by @​navin772 in SeleniumHQ/selenium#16504
• [py][bidi]: add emulation command set_scripting_enabled by @​navin772 in SeleniumHQ/selenium#16513
• [py] Update docstrings to google pydoc format by @​iampopovich in SeleniumHQ/selenium#16511
• [java][BiDi] implement browsingContext.downloadEnd event by @​Delta456 in SeleniumHQ/selenium#16347
• Fix typo and minor formatting changes in README.md by @​cgoldberg in SeleniumHQ/selenium#16523
• [py] Update docstrings (remove reST leftovers and resolve D200) by @​iampopovich in SeleniumHQ/selenium#16525
• [py] Fix docstring formatting and apply ruff linting rules by @​cgoldberg in SeleniumHQ/selenium#16527
• [py] Fix Ruff D417 warnings in docstrings by @​iampopovich in SeleniumHQ/selenium#16535
• [py] Fix ruff D415 warnings in docstrings by @​cgoldberg in SeleniumHQ/selenium#16536
• [py][bidi]: add set_screen_orientation_override command in Emulation by @​navin772 in SeleniumHQ/selenium#16522
• [py] Fix D205 ruff warnings for docstrings and add type hints by @​iampopovich in SeleniumHQ/selenium#16537
• [py][bidi]: add set_download_behavior command by @​navin772 in SeleniumHQ/selenium#16556
• [py] Bump pytest and dev dependencies by @​cgoldberg in SeleniumHQ/selenium#16572
• [bazel] Move rules_rust to bzlmod by @​shs96c in SeleniumHQ/selenium#16566
• [ci] Make a PR for updating mirror file instead of pushing directly to trunk by @​bonigarcia in SeleniumHQ/selenium#16579
• [ci] Update mirror info (2025-11-11T15:26:46Z) by @​github-actions[bot] in SeleniumHQ/selenium#16578
• [ci] Revert latest changes related to the mirror workflow by @​bonigarcia in SeleniumHQ/selenium#16580
• [java]: refactor request interception tests and handle CORS by @​navin772 in SeleniumHQ/selenium#16585
• [py][bidi]: enable download event tests for firefox by @​navin772 in SeleniumHQ/selenium#16587
• [py] Fix more type annotations by @​iampopovich in SeleniumHQ/selenium#16551
• [java][BiDi] implement emulation.setTimezoneOverride by @​Delta456 in SeleniumHQ/selenium#16530
• [grid] Minimum Docker API 1.44 for Docker Engine v29+ in Dynamic Grid by @​VietND96 in SeleniumHQ/selenium#16591
• Show file modification time by @​asolntsev in SeleniumHQ/selenium#16589
• [py][bidi]: add emulation command set_user_agent_override by @​navin772 in SeleniumHQ/selenium#16595
• [grid] Improve Docker client for Dynamic Grid by @​VietND96 in SeleniumHQ/selenium#16596
• [py]: reuse driver in case of bidi tests by @​navin772 in SeleniumHQ/selenium#16597
• [grid] Improve browser container labels and naming in Dynamic Grid by @​VietND96 in SeleniumHQ/selenium#16599
• [build] Upgrade rules_dotnet to 0.20.5 by @​nvborisenko in SeleniumHQ/selenium#16592
• [dotnet] [bidi] Simplify namespace for communications by @​nvborisenko in SeleniumHQ/selenium#16602
• [py] Improve type hints with union syntax and native types by @​cgoldberg in SeleniumHQ/selenium#16590
• [py] Use double quotes in generate.py by @​Delta456 in SeleniumHQ/selenium#16607
• [ci] Use pagination in mirror workflow to get all Selenium releases by @​bonigarcia in SeleniumHQ/selenium#16605
• [dotnet] Generate atoms statically by @​nvborisenko in SeleniumHQ/selenium#16608
• [nodejs] Update dev dependencies to fix vulnerabilities by @​cgoldberg in SeleniumHQ/selenium#16610
• [java][BiDi] emulation: allow passing null to GeolocationOverride by @​Delta456 in SeleniumHQ/selenium#16594

... (truncated)

Commits

• 126f156 [build] Prepare for release of Selenium 4.39.0 (#16672)
• 080c81f fix flaky Ruby test devtools_spec.rb
• 87fef04 [dotnet] [bidi] Remove browsing scoped events at core level (#16694)
• d9d1d79 [dotnet] [bidi] Always provide new json options for modules (#16691)
• 54f45d3 [dotnet] [bidi] BrowsingContext type as record with equality (#16692)
• fab7984 [py] Bump urllib3 in packaging and dev dependencies (#16690)
• fb859ad [dotnet] [bidi] Stateful converters with hydration (#16670)
• cfd57e3 Revert "[java] use --enable-chrome-logs to redirect browser I/O streams"
• efe5a4f [java] Add JSpecify annotations to ChromiumDriver (Issue #14291) (#16628)
• 9667310 [java] avoid ClassCastException for unexpected driver responses #16389
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
pip/certifi	2025.11.12	🟢 6.8	Details Check Score Reason Code-Review 🟢 4 Found 2/5 approved changesets -- score normalized to 4 Binary-Artifacts 🟢 10 no binaries found in the repo Maintained 🟢 10 16 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Pinned-Dependencies 🟢 5 dependency not pinned by hash detected -- score normalized to 5 Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Packaging 🟢 10 packaging workflow detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/selenium	4.39.0	🟢 3.2	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 5 Found 17/30 approved changesets -- score normalized to 5 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected License 🟢 10 license file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy 🟢 9 security policy file detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Binary-Artifacts ⚠️ 0 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 3 SAST tool is not run on all commits -- score normalized to 3 Vulnerabilities 🟢 8 2 existing vulnerabilities detected
pip/trio	0.32.0	🟢 6.4	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 8 Found 8/9 approved changesets -- score normalized to 8 Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed Packaging 🟢 10 packaging workflow detected Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches Security-Policy ⚠️ 0 security policy file not detected Vulnerabilities 🟢 9 1 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/typing-extensions	4.15.0	🟢 7.4	Details Check Score Reason Code-Review 🟢 9 Found 25/27 approved changesets -- score normalized to 9 Maintained 🟢 10 27 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 License 🟢 9 license file detected Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0

Scanned Files

• poetry.lock