Bump the pip-dependencies group in /.github/workflows with 2 updates #592

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/pip/dot-github/workflows/pip-dependencies-362efbedbe

@dependabot dependabot bot commented on behalf of github Feb 1, 2026

Bumps the pip-dependencies group in /.github/workflows with 2 updates: pip and poetry.

Updates pip from 25.3 to 26.0

Changelog

Sourced from pip's changelog.

26.0 (2026-01-30)

Deprecations and Removals

  • Remove support for non-bare project names in egg fragments. Affected users should use the [Direct URL requirement syntax](https://packaging.python.org/en/latest/specifications/version-specifiers/#direct-references). ([#13157](https://github.com/pypa/pip/issues/13157))

Features

  • Display pip's command-line help in colour, if possible. ([#12134](https://github.com/pypa/pip/issues/12134))

  • Support installing dependencies declared with inline script metadata (PEP 723) with --requirements-from-script. ([#12891](https://github.com/pypa/pip/issues/12891))

  • Add --all-releases and --only-final options to control pre-release and final release selection during package installation. ([#13221](https://github.com/pypa/pip/issues/13221))

  • Add --uploaded-prior-to option to only consider packages uploaded prior to a given datetime when the upload-time field is available from a remote index. ([#13625](https://github.com/pypa/pip/issues/13625))

  • Add --use-feature inprocess-build-deps to request that build dependencies are installed within the same pip install process. This new mechanism is faster, supports --no-clean and --no-cache-dir reliably, and supports prompting for authentication.

    Enabling this feature will also enable --use-feature build-constraints. This feature will become the default in a future pip version. ([#9081](https://github.com/pypa/pip/issues/9081))

  • pip cache purge and pip cache remove now clean up empty directories and legacy files left by older pip versions. ([#9058](https://github.com/pypa/pip/issues/9058))

Bug Fixes

  • Fix selecting pre-release versions when only pre-releases match. For example, package>1.0 with versions 1.0, 2.0rc1 now installs 2.0rc1 instead of failing. ([#13746](https://github.com/pypa/pip/issues/13746))
  • Revisions in version control URLs now must be percent-encoded. For example, use git+https://example.com/repo.git@issue%231 to specify the branch issue#1. If you previously used a branch name containing a % character in a version control URL, you now need to replace it with %25 to ensure correct percent-encoding. ([#13407](https://github.com/pypa/pip/issues/13407))
  • Preserve original casing when a path is displayed. ([#6823](https://github.com/pypa/pip/issues/6823))
  • Fix bash completion when the $IFS variable has been modified from its default. ([#13555](https://github.com/pypa/pip/issues/13555))
  • Precompute Python requirements on each candidate, reducing time of long resolutions. ([#13656](https://github.com/pypa/pip/issues/13656))
  • Skip redundant work converting version objects to strings when using the importlib.metadata backend. ([#13660](https://github.com/pypa/pip/issues/13660))
  • Fix pip index versions to honor only-binary/no-binary options. ([#13682](https://github.com/pypa/pip/issues/13682))
  • Fix fallthrough logic for options, allowing overriding global options with defaults from user config. ([#13703](https://github.com/pypa/pip/issues/13703))
  • Use a path-segment prefix comparison, not char-by-char. ([#13777](https://github.com/pypa/pip/issues/13777))

Vendored Libraries

... (truncated)

Commits

Updates poetry from 2.2.1 to 2.3.1

Release notes

Sourced from poetry's releases.

2.3.1

Fixed

  • Fix an issue where cached information about each package was always considered outdated (#10699).

Docs

  • Document SHELL_VERBOSITY environment variable (#10678).

2.3.0

Added

  • Add support for exporting pylock.toml files with poetry-plugin-export (#10677).
  • Add support for specifying build constraints for dependencies (#10388).
  • Add support for publishing artifacts whose version is determined dynamically by the build-backend (#10644).
  • Add support for editable project plugins (#10661).
  • Check requires-poetry before any other validation (#10593).
  • Validate the content of project.readme when running poetry check (#10604).
  • Add the option to clear all caches by making the cache name in poetry cache clear optional (#10627).
  • Automatically update the cache for packages where the locked files differ from cached files (#10657).
  • Suggest to clear the cache if running a command with --no-cache solves an issue (#10585).
  • Propose poetry init when trying poetry new for an existing directory (#10563).
  • Add support for poetry publish --skip-existing for new Nexus OSS versions (#10603).
  • Show Poetry's own Python's path in poetry debug info (#10588).

Changed

  • Drop support for Python 3.9 (#10634).
  • Change the default of installer.re-resolve from true to false (#10622).
  • PEP 735 dependency groups are considered in the lock file hash (#10621).
  • Deprecate poetry.utils._compat.metadata, which is sometimes used in plugins, in favor of importlib.metadata (#10634).
  • Improve managing free-threaded Python versions with poetry python (#10606).
  • Prefer JSON API to HTML API in legacy repositories (#10672).
  • When running poetry init, only add the readme field in the pyproject.toml if the readme file exists (#10679).
  • Raise an error if no hash can be determined for any distribution link of a package (#10673).
  • Require dulwich>=0.25.0 (#10674).

Fixed

  • Fix an issue where poetry remove did not work for PEP 735 dependency groups with include-group items (#10587).
  • Fix an issue where poetry remove caused dangling include-group references in PEP 735 dependency groups (#10590).
  • Fix an issue where poetry add did not work for PEP 735 dependency groups with include-group items (#10636).
  • Fix an issue where PEP 735 dependency groups were not considered in the lock file hash (#10621).
  • Fix an issue where wrong markers were locked for a dependency that was required by several groups with different markers (#10613).
  • Fix an issue where non-deterministic markers were created in a method used by poetry-plugin-export (#10667).
  • Fix an issue where wrong wheels were chosen for installation in free-threaded Python environments if Poetry itself was not installed with free-threaded Python (#10614).
  • Fix an issue where poetry publish used the metadata of the project instead of the metadata of the build artifact (#10624).
  • Fix an issue where poetry env use just used another Python version instead of failing when the requested version was not supported by the project (#10685).
  • Fix an issue where poetry env activate returned the wrong command for dash (#10696).
  • Fix an issue where data-dir and python.installation-dir could not be set (#10595).

... (truncated)

Changelog

Sourced from poetry's changelog.

[2.3.1] - 2026-01-20

Fixed

  • Fix an issue where cached information about each package was always considered outdated (#10699).

Docs

  • Document SHELL_VERBOSITY environment variable (#10678).

[2.3.0] - 2026-01-18

Added

  • Add support for exporting pylock.toml files with poetry-plugin-export (#10677).
  • Add support for specifying build constraints for dependencies (#10388).
  • Add support for publishing artifacts whose version is determined dynamically by the build-backend (#10644).
  • Add support for editable project plugins (#10661).
  • Check requires-poetry before any other validation (#10593).
  • Validate the content of project.readme when running poetry check (#10604).
  • Add the option to clear all caches by making the cache name in poetry cache clear optional (#10627).
  • Automatically update the cache for packages where the locked files differ from cached files (#10657).
  • Suggest to clear the cache if running a command with --no-cache solves an issue (#10585).
  • Propose poetry init when trying poetry new for an existing directory (#10563).
  • Add support for poetry publish --skip-existing for new Nexus OSS versions (#10603).
  • Show Poetry's own Python's path in poetry debug info (#10588).

Changed

  • Drop support for Python 3.9 (#10634).
  • Change the default of installer.re-resolve from true to false (#10622).
  • PEP 735 dependency groups are considered in the lock file hash (#10621).
  • Deprecate poetry.utils._compat.metadata, which is sometimes used in plugins, in favor of importlib.metadata (#10634).
  • Improve managing free-threaded Python versions with poetry python (#10606).
  • Prefer JSON API to HTML API in legacy repositories (#10672).
  • When running poetry init, only add the readme field in the pyproject.toml if the readme file exists (#10679).
  • Raise an error if no hash can be determined for any distribution link of a package (#10673).
  • Require dulwich>=0.25.0 (#10674).

Fixed

  • Fix an issue where poetry remove did not work for PEP 735 dependency groups with include-group items (#10587).
  • Fix an issue where poetry remove caused dangling include-group references in PEP 735 dependency groups (#10590).
  • Fix an issue where poetry add did not work for PEP 735 dependency groups with include-group items (#10636).
  • Fix an issue where PEP 735 dependency groups were not considered in the lock file hash (#10621).
  • Fix an issue where wrong markers were locked for a dependency that was required by several groups with different markers (#10613).
  • Fix an issue where non-deterministic markers were created in a method used by poetry-plugin-export (#10667).
  • Fix an issue where wrong wheels were chosen for installation in free-threaded Python environments if Poetry itself was not installed with free-threaded Python (#10614).
  • Fix an issue where poetry publish used the metadata of the project instead of the metadata of the build artifact (#10624).

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the pip-dependencies group in /.github/workflows with 2 updates: [pip](https://github.com/pypa/pip) and [poetry](https://github.com/python-poetry/poetry).


Updates `pip` from 25.3 to 26.0
- [Changelog](https://github.com/pypa/pip/blob/main/NEWS.rst)
- [Commits](pypa/pip@25.3...26.0)

Updates `poetry` from 2.2.1 to 2.3.1
- [Release notes](https://github.com/python-poetry/poetry/releases)
- [Changelog](https://github.com/python-poetry/poetry/blob/main/CHANGELOG.md)
- [Commits](python-poetry/poetry@2.2.1...2.3.1)

---
updated-dependencies:
- dependency-name: pip
  dependency-version: '26.0'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: pip-dependencies
- dependency-name: poetry
  dependency-version: 2.3.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: pip-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot bot added the dependencies (Pull requests that update a dependency file) and python (Pull requests that update Python code) labels Feb 1, 2026

codecov bot commented Feb 1, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 99.26%. Comparing base (44869d2) to head (e2fc4e4).
⚠️ Report is 2 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main     #592   +/-   ##
=======================================
  Coverage   99.26%   99.26%           
=======================================
  Files           9        9           
  Lines         682      682           
  Branches       63       63           
=======================================
  Hits          677      677           
  Misses          2        2           
  Partials        3        3           
