Skip to content

Bump the python-dependencies group with 10 updates#28

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/python-dependencies-41fb10938f
Open

Bump the python-dependencies group with 10 updates#28
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/python-dependencies-41fb10938f

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 7, 2026

Copy link
Copy Markdown

Updates the requirements on setuptools, sentence-transformers, transformers, pytest, pytest-asyncio, ruff, pip-audit, build, mkdocs and mkdocs-material to permit the latest version.
Updates setuptools to 83.0.0

Changelog

Sourced from setuptools's changelog.

v83.0.0

Features

  • Require Python 3.10 or later.

Bugfixes

  • MANIFEST.in matching (via FileList) is now insensitive to Unicode normalization form. A pattern authored in one form (e.g. NFC, as typically saved by editors) now matches a file whose name is stored on disk in another (e.g. NFD, as produced by macOS APFS/HFS+). Previously an exclude, global-exclude, recursive-exclude, or prune rule could silently fail to drop a non-ASCII-named file from the source distribution, publishing it despite the exclusion -- see GHSA-h35f-9h28-mq5c.

Deprecations and Removals

  • pypa/distutils#334

v82.0.1

Bugfixes

  • Fix the loading of launcher manifest.xml file. (#5047)
  • Replaced deprecated json.__version__ with fixture in tests. (#5186)

Improved Documentation

  • Add advice about how to improve predictability when installing sdists. (#5168)

Misc

v82.0.0

... (truncated)

Commits
  • 6519f72 Bump version: 82.0.1 → 83.0.0
  • d1151b1 Merge pull request #5250 from pypa/feature/distutils-d7633fbed
  • a2df31e Capture removal of dry_run parameter in changelog.
  • 00144dc Moved newsfragment to the release where it occurred.
  • a4a5a2b Add news fragment.
  • 77470c2 Merge https://github.com/pypa/distutils into feature/distutils-d7633fbed
  • 3c43897 Merge pull request #5247 from pypa/copilot/fix-pypy-version-issue
  • bb6ea66 Bump PyPy from 3.10 to 3.11 in CI workflow
  • a2bc3ac Fix broken intersphinx reference to build's installation docs
  • 2d6a739 Use stacked parametrize decorators instead of itertools.product
  • Additional commits viewable in compare view

Updates sentence-transformers to 5.6.0

Release notes

Sourced from sentence-transformers's releases.

v5.6.0 - Fixes for Causal LM Rerankers, Hard-Negative Mining, and More

This minor version is a correctness- and robustness-focused release. It fixes a silent scoring bug for causal-LM rerankers, corrects several hard-negative mining and GIST loss edge cases, restores TSDAE on transformers v5, and adds Apple Silicon (MPS) support for the cached losses.

The headline fix affects chat-template models that read the final token position, i.e. causal-LM rerankers (like Qwen3-Reranker) and last-token-pooling embedders: when an over-long input was truncated, the chat template's trailing suffix (e.g. the assistant prefill the model scores from) was silently dropped, producing wrong scores with no error. There's also a forward-looking deprecation: loading local custom code without trust_remote_code=True now warns, and will require it from v6.0.

Install this version with

# Training + Inference
pip install sentence-transformers[train]==5.6.0
Inference only, use one of:
pip install sentence-transformers==5.6.0
pip install sentence-transformers[onnx-gpu]==5.6.0
pip install sentence-transformers[onnx]==5.6.0
pip install sentence-transformers[openvino]==5.6.0
Multimodal dependencies (optional):
pip install sentence-transformers[image]==5.6.0
pip install sentence-transformers[audio]==5.6.0
pip install sentence-transformers[video]==5.6.0
Or combine as needed:
pip install sentence-transformers[train,onnx,image]==5.6.0

Fixed silently wrong scores when truncation drops chat-template suffixes (#3787)

Chat-template models render the full conversation to a flat string before tokenizing, so when the rendered input is longer than the tokenizer's model_max_length, the tokenizer truncates it from the right and drops the template's trailing suffix: the fixed tokens a template appends after the content, e.g. a prompt, instruction, [/INST], or a trailing EOS. For models that read the final token position, this silently corrupted the result:

  • causal-LM rerankers (e.g. Qwen/Qwen3-Reranker-0.6B) score a pair from the last token's yes/no logits, and
  • last-token-pooling embedders read the final hidden state.

When the suffix was truncated away, that final position landed mid-document instead of after the prefill, so the score or embedding came from the wrong place.

Transformer.preprocess now detects when truncation drops the suffix and splices it back onto the tail of each truncated row. Because the fix lives in the shared base Transformer, it applies across SentenceTransformer, CrossEncoder, and SparseEncoder. It's enabled by default and saved to the model configuration. Pass processing_kwargs={"chat_template": {"restore_suffix": False}} to opt back into raw truncation.

Hard-negative mining and GIST loss correctness (#3821, #3817, #3816)

A trio of correctness and scalability fixes for hard-negative mining and the GIST losses:

  • Sign-independent relative margin: mine_hard_negatives(relative_margin=...) and the margin_strategy="relative" branch of GISTEmbedLoss / CachedGISTEmbedLoss used a multiplicative threshold (positive * (1 - margin)) that only behaves correctly when the positive-pair similarity is positive. When that similarity was negative, the threshold moved the wrong way and let through false negatives: candidates more similar to the anchor than the true positive. The threshold is now positive - |positive| * margin, identical to before for positive scores but correct for negative ones.
  • Distributed positive masking in the GIST losses: with gather_across_devices=True and a non-zero margin, the false-negative suppression mask protected the wrong columns on ranks beyond the first (it ignored the per-rank offset into the gathered batch), which set the true positive's logit to -inf and produced a +inf loss. The mask now accounts for the cross-rank offset, so multi-GPU GIST training stays finite.
  • Memory-bounded mining without FAISS: mine_hard_negatives(use_faiss=False) (the default) materialized the full (queries × corpus) similarity matrix at once, which could OOM on large corpora. It now batches over the query axis (controlled by faiss_batch_size, default 16384), bounding peak memory while producing identical results.

TSDAE weight tying restored on transformers v5 (#3781)

transformers v5 removed the private PreTrainedModel._tie_encoder_decoder_weights helper that DenoisingAutoEncoderLoss (TSDAE) used to tie its separate encoder and decoder. As a stopgap, v5.5 raised a RuntimeError for the default tie_encoder_decoder=True on transformers >= 5.0.0, effectively breaking TSDAE there unless you pinned an older transformers or disabled tying. TSDAE now ships its own tying routine that shares storage between encoder and decoder, so it works on both transformers <5 and >=5 with the default settings.

Deprecation: loading local custom code without trust_remote_code (#3807)

... (truncated)

Commits
  • 9c73df3 Release v5.6.0
  • 222b052 [fix] Don't override device_map placement with the device argument (#3823)
  • a38a6bf Fix causal LM reranker scoring when max_length truncates chat-template suffix...
  • 1812103 [fix] Make relative margin sign-independent in mining and GIST losses (#3821)
  • ae1acc3 Warn when loading local custom code without trust_remote_code (#3807)
  • 429cf5d [fix] Support MPS in the cached losses' RandContext (#3812)
  • 77fdbff [fix] fix MPS errors (#3818)
  • bfba988 [fix] Fix positive masking in GIST losses with multi-GPU + gather_across_devi...
  • 29e382b [docs] Fix doc build problems (part 1) (#3811)
  • d16e6bf [fix] Avoid materializing the full similarity matrix in mine_hard_negatives w...
  • Additional commits viewable in compare view

Updates transformers to 5.13.0

Release notes

Sourced from transformers's releases.

Release v5.13.0

New Model additions

KimiK 2.5, 2.6, and 2.7

This release includes the architecture for Kimi 2.5 which is used by 2.5-2.7:

Kimi K2.5 is an open-source, native multimodal agentic model that advances practical capabilities in long-horizon coding, coding-driven design, proactive autonomous execution, and swarm-based task orchestration. The model was proposed in Kimi K2.5: Visual Agentic Intelligence and further improved in [Kimi K2.6: Advancing Open-Source Coding](https://github.com/huggingface/transformers/blob/HEAD/Kimi K2.5: Visual Agentic Intelligence).

Kimi K2.5 achieves significant improvements on complex, end-to-end coding tasks, generalizing robustly across programming languages (Rust, Go, Python) and domains spanning front-end, DevOps, and performance optimization. The model is capable of transforming simple prompts and visual inputs into production-ready interfaces and lightweight full-stack workflows, generating structured layouts, interactive elements, and rich animations with deliberate aesthetic precision.

Links: Documentation

MiMo-V2-Flash

MiMo-V2-Flash is a Mixture-of-Experts (MoE) language model developed by the Xiaomi MiMo team. Designed to establish a new balance between long-context modeling capabilities and inference efficiency, the model is built for strong performance in complex reasoning and agentic tasks. Trained on 27T tokens with native 32k sequence lengths, MiMo-V2-Flash seamlessly supports an extended 256K context window while significantly reducing KV-cache storage compared to standard global attention models.

Links: Documentation

Nemotron 3.5 ASR

Nemotron 3.5 ASR is a 600M-parameter multilingual speech recognition model from NVIDIA, built for high-quality transcription in both low-latency streaming and high-throughput batch settings, with native punctuation and capitalization. For streaming, it offers configurable chunk sizes—80ms, 160ms, 560ms, and 1120ms, letting users trade off latency against accuracy to suit their application. Its cache-aware FastConformer-RNNT architecture is central to this capability: unlike traditional buffered streaming, which repeatedly reprocesses overlapping audio windows, the model processes only each new incoming chunk while reusing cached encoder context from prior chunks. This eliminates redundant computation, significantly improves efficiency, and minimizes end-to-end delay without sacrificing accuracy, making it well suited to real-time transcription workloads.

Links: Documentation

NemotronAsrStreaming

Nemotron ASR Streaming is a 600M-parameter English speech recognition model from NVIDIA, built for high-quality transcription in both low-latency streaming and high-throughput batch settings, with native punctuation and capitalization. For streaming, it offers configurable chunk sizes—80ms, 160ms, 560ms, and 1120ms, letting users trade off latency against accuracy to suit their application. Its cache-aware FastConformer-RNNT architecture is central to this capability: unlike traditional buffered streaming, which repeatedly reprocesses overlapping audio windows, the model processes only each new incoming chunk while reusing cached encoder context from prior chunks. This eliminates redundant computation, significantly improves efficiency, and minimizes end-to-end delay without sacrificing accuracy, making it well suited to real-time transcription workloads.

Links: Documentation

Qwen3 ASR

Qwen3 ASR is an automatic speech recognition model from Alibaba's Qwen team that combines a Whisper-style audio encoder with a Qwen3 language model decoder for speech-to-text transcription. The model supports automatic language detection and multilingual transcription.

A forced aligner model is also included. It can be used to timestamp a provided transcript and its audio. It uses the same audio encoder model with a classification head that predicts a word's length. This model can be used with the transcript from any ASR model (see the example below with Parakeet CTC).

... (truncated)

Commits

Updates pytest to 9.1.1

Release notes

Sourced from pytest's releases.

9.1.1

pytest 9.1.1 (2026-06-19)

Bug fixes

  • #14220: Fixed a logic bug in pytest.RaisesGroup which would might cause it to display incorrect "It matches FooError() which was paired with BarError" messages.
  • #14591: Fixed a regression in pytest 9.1.0 which caused overriding a parametrized fixture with an indirect @​pytest.mark.parametrize to fail with "duplicate parametrization of '<fixture name>'".
  • #14606: Fixed list-item typing errors from mypy in @pytest.mark.parametrize <pytest.mark.parametrize ref> argvalues parameter.
  • #14608: Fixed a regression in pytest 9.1.0 where conftest.py files located in <invocation dir>/test* were no longer loaded as initial conftests when invoked without arguments. This could cause certain hooks (like pytest_addoption) in these files to not fire.
Commits
  • cf470ec Prepare release version 9.1.1
  • e0c8ce6 Merge pull request #14625 from pytest-dev/patchback/backports/9.1.x/a07c31a97...
  • 1b82d16 Merge pull request #14624 from pytest-dev/patchback/backports/9.1.x/b375b79ec...
  • 501c4bc Merge pull request #14596 from bluetech/doc-classmethod
  • b61f588 Merge pull request #14622 from chrisburr/fix-14608-initial-conftest-test-subdir
  • 9a567e0 [automated] Update plugin list (#14617) (#14618)
  • ef8b299 Merge pull request #14620 from pytest-dev/patchback/backports/9.1.x/680f9f3ed...
  • 66abd07 Merge pull request #14220 from bysiber/fix-stale-iexp-raisesgroup
  • 79fbf93 Merge pull request #14612 from pytest-dev/patchback/backports/9.1.x/974ed48b6...
  • 0d312eb Merge pull request #14611 from bluetech/parametrize-argvalues-typing
  • Additional commits viewable in compare view

Updates pytest-asyncio to 1.4.0

Release notes

Sourced from pytest-asyncio's releases.

pytest-asyncio v1.4.0

1.4.0 - 2026-05-26

Deprecated

  • Overriding the event_loop_policy fixture is deprecated. Use the pytest_asyncio_loop_factories hook instead. (#1419)

Added

  • Added the pytest_asyncio_loop_factories hook to parametrize asyncio tests with custom event loop factories.

    The hook returns a mapping of factory names to loop factories, and pytest.mark.asyncio(loop_factories=[...]) selects a subset of configured factories per test. When a single factory is configured, test names are unchanged.

    Synchronous @pytest_asyncio.fixture functions now see the correct event loop when custom loop factories are configured, even when test code disrupts the current event loop (e.g., via asyncio.run() or asyncio.set_event_loop(None)). (#1164)

Changed

  • Improved the readability of the warning message that is displayed when asyncio_default_fixture_loop_scope is unset (#1298)
  • Only import asyncio.AbstractEventLoopPolicy for type checking to avoid raising a DeprecationWarning. (#1394)
  • Updated minimum supported pytest version to v8.4.0. (#1397)

Fixed

  • Fixed a ResourceWarning: unclosed event loop warning that could occur when a synchronous test called asyncio.run() or otherwise unset the current event loop after pytest-asyncio had run an async test or fixture. (#724)

Notes for Downstream Packagers

  • Added dependency on sphinx-tabs >= 3.5 to organize documentation examples into tabs. (#1395)
Commits
  • 6e14cd2 chore: Prepare release of v1.4.0.
  • 4b900fb Build(deps): Bump codecov/codecov-action from 6.0.0 to 6.0.1
  • ab9f632 Build(deps): Bump zipp from 3.23.1 to 4.1.0
  • a56fc77 Build(deps): Bump hypothesis from 6.152.6 to 6.152.8
  • e8bae9b Build(deps): Bump requests from 2.34.0 to 2.34.2
  • fc43340 Build(deps): Bump idna from 3.14 to 3.15
  • 762eaf5 Build(deps): Bump jaraco-functools from 4.4.0 to 4.5.0
  • b62e222 Build(deps): Bump click from 8.3.3 to 8.4.0
  • 9190447 Build(deps): Bump pydantic from 2.13.3 to 2.13.4
  • 82a393c ci: Remove unnecessary debug output.
  • Additional commits viewable in compare view

Updates ruff to 0.15.20

Release notes

Sourced from ruff's releases.

0.15.20

Release Notes

Released on 2026-06-25.

Preview features

  • Allow human-readable names in rule selectors (#25887)
  • Emit a warning instead of an error for unknown rule selectors (#26113)
  • Match noqa shebang handling in ruff:ignore comments (#26286)
  • [ruff] Remove pytest-fixture-autouse (RUF076) (#26240, #26371)

Documentation

  • Add versioning sections to custom crate READMEs (#26317)
  • Update ruff_python_parser README for crates.io (#26315)
  • [perflint] Clarify that PERF402 applies to any iterable (#26242)

Contributors

Install ruff 0.15.20

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ruff/releases/download/0.15.20/ruff-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/ruff/releases/download/0.15.20/ruff-installer.ps1 | iex"

Download ruff 0.15.20

File Platform Checksum
ruff-aarch64-apple-darwin.tar.gz Apple Silicon macOS checksum
ruff-x86_64-apple-darwin.tar.gz Intel macOS checksum
ruff-aarch64-pc-windows-msvc.zip ARM64 Windows checksum
ruff-i686-pc-windows-msvc.zip x86 Windows checksum
ruff-x86_64-pc-windows-msvc.zip x64 Windows checksum
ruff-aarch64-unknown-linux-gnu.tar.gz ARM64 Linux checksum
ruff-i686-unknown-linux-gnu.tar.gz x86 Linux checksum

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.20

Released on 2026-06-25.

Preview features

  • Allow human-readable names in rule selectors (#25887)
  • Emit a warning instead of an error for unknown rule selectors (#26113)
  • Match noqa shebang handling in ruff:ignore comments (#26286)
  • [ruff] Remove pytest-fixture-autouse (RUF076) (#26240, #26371)

Documentation

  • Add versioning sections to custom crate READMEs (#26317)
  • Update ruff_python_parser README for crates.io (#26315)
  • [perflint] Clarify that PERF402 applies to any iterable (#26242)

Contributors

0.15.19

Released on 2026-06-23.

Preview features

  • Support human-readable names when hovering suppression comments and in code actions (#26114)

Bug fixes

  • Fall back to default settings when editor-only settings are invalid (#26244)
  • Fix panic when inserting text at a notebook cell boundary (#26111)

Rule changes

  • [pylint] Update fix suggestions for __floor__, __trunc__, __length_hint__, and __matmul__ variants (PLC2801) (#26239)

Performance

  • Avoid allocating when parsing single string literals (#26200)
  • Avoid reallocating singleton call arguments (#26223)
  • Lazily create source files for lint diagnostics (#26226)
  • Optimize formatter text width and indentation (#26236)
  • Reserve capacity for builtin bindings (#26229)
  • Skip repeated-key checks for singleton dictionaries (#26228)
  • Use ArrayVec for qualified name segments (#26224)

... (truncated)

Commits
  • f82a36b Bump 0.15.20 (#26376)
  • af32943 Improve the summarise-ecosystem-results skill (#26378)
  • 485ebab Remove RUF076 name from schema (#26371)
  • ef81835 [ty] Implement rust-analyzer's "Click for full compiler diagnostic" feature (...
  • 572b31e [ruff] Remove pytest-fixture-autouse (RUF076) (#26240)
  • f703f21 Allow human-readable names in rule selectors (#25887)
  • 0d726b2 [ty] Reuse equality semantics for membership compatibility (#25955)
  • dbe6e98 [ty] Infer definite equality comparison results (#26337)
  • e700ea3 [ty] Prove TypedDict structural patterns exhaustive (#26285)
  • 6a0d2ec [ty] Widen inferred class-valued instance attributes (#26338)
  • Additional commits viewable in compare view

Updates pip-audit to 2.10.1

Release notes

Sourced from pip-audit's releases.

v2.10.1

Fixed

  • Fixed a KeyError crash when an OSV vulnerability record contains an affected entry that omits the optional ranges field (#1046)
Changelog

Sourced from pip-audit's changelog.

[2.10.1]

Fixed

  • Fixed a KeyError crash when an OSV vulnerability record contains an affected entry that omits the optional ranges field (#1046)

[2.10.0]

Added

  • pip-audit now supports the --osv-url URL flag, which can be used to retrieve vulnerabilities from a custom OSV service. This is useful for organizations that host their own mirror of the OSV database, or that have custom OSV records (#810)

  • pip-audit now supports the Ecosyste.ms vulnerability service with --vulnerability-service=esms (#903).

Changed

  • The minimum version of Python is now 3.10 (#905)

Fixed

  • Fixed a bug where pip-audit would fail to parse pyproject.toml files containing TOML 1.0.0 features (#910)

  • CycloneDX JSON/XML output now correctly links vulnerabilities to their affected components via the affects field (#980)

[2.9.0]

Added

  • pip-audit now supports PEP 751 lockfiles. These lockfiles can be audited in "project" mode by passing --locked to pip-audit (#888)

[2.8.0]

Added

... (truncated)

Commits
  • 8894eb8 Merge pull request #1056 from pypa/copilot/release-2101
  • 1c625b7 Update version in README.md to 2.10.1
  • fd2094b Prep 2.10.1 release
  • 58d2488 build(deps): bump github/codeql-action from 4.35.2 to 4.36.1 (#1052)
  • 8df9420 build(deps): bump zizmorcore/zizmor-action from 0.5.3 to 0.5.6 (#1044)
  • 3f618d3 build(deps): bump actions/checkout from 6.0.2 to 6.0.3 (#1053)
  • 4849132 Restrict OIDC token to publish job (#1050)
  • c1eb69a Fix KeyError when OSV affected entry omits optional ranges field (#1046)
  • 68de07f Merge pull request #1054 from pypa/fix/1047
  • ef31c9e Formatting fixes
  • Additional commits viewable in compare view

Updates build to 1.5.0

Release notes

Sourced from build's releases.

1.5.0

What's Changed

Full Changelog: pypa/build@1.4.4...1.5.0

Changelog

Sourced from build's changelog.

#################### 1.5.0 (2026-04-30) ####################


Features


  • Drop Python 3.9 support - by :user:henryiii (:issue:1036)

Bugfixes


  • Make --ignore-installed opt-in from the API via fresh=True - by :user:henryiii (:issue:1056)

Miscellaneous


  • :issue:1033

#################### 1.4.4 (2026-04-22) ####################


Bugfixes


  • Fix release pipeline generating CHANGELOG.rst entries with inconsistent heading levels, which broke sphinx -W and pinned Read the Docs stable at 1.4.0 - by :user:gaborbernat. (:issue:1031)
  • Revert :pr:1039 from build 1.4.3, no longer check direct_url (for now) - by :user:henryiii (:issue:1039)
  • Add --ignore-installed to pip install command to prevent issues with packages already present in the isolated build environment - by :user:henryiii (:issue:1037) (:issue:1040)
  • Partial revert of :pr:973, keeping log messages in one entry, multiple lines. (:issue:1044)

Miscellaneous


  • :issue:1048, :issue:1049

#################### 1.4.3 (2026-04-10) ####################


Features


... (truncated)

Commits

Updates mkdocs to 1.6.1

Release notes

Sourced from mkdocs's releases.

1.6.1

Version 1.6.1 (Friday 30th August, 2024)

Fixed

  • Fix build error when environment variable SOURCE_DATE_EPOCH=0 is set. #3795
  • Fix build error when mkdocs_theme.yml config is empty. #3700
  • Support python -W and PYTHONWARNINGS instead of overriding the configuration. #3809
  • Support running with Docker under strict mode, by removing 0.0.0.0 dev server warning. #3784
  • Drop unnecessary changefreq from sitemap.xml. #3629
  • Fix JavaScript console error when closing menu dropdown. #3774
  • Fix JavaScript console error that occur on repeated clicks. #3730
  • Fix JavaScript console error that can occur on dropdown selections. #3694

Added

  • Added translations for Dutch. #3804
  • Added and updated translations for Chinese (Simplified). #3684
Commits

Updates mkdocs-material to 9.7.6

Release notes

Sourced from mkdocs-material's releases.

mkdocs-material-9.7.6

[!WARNING]

Material for MkDocs is in maintenance mode

Going forward, the Material for MkDocs team focuses on Zensical, a next-gen static site generator built from first principles. We will provide critical bug fixes and security updates for Material for MkDocs until November 2026.

Read the full announcement on our blog

Changes

  • Automatically disable MkDocs 2.0 warning for forks of MkDocs
Changelog

Sourced from mkdocs-material's changelog.

mkdocs-material-9.7.6 (2026-03-19)

  • Automatically disable MkDocs 2.0 warning for forks of MkDocs

mkdocs-material-9.7.5 (2026-03-10)

  • Limited version range of mkdocs to <2
  • Updated MkDocs 2.0 incompatibility warning (clarify relation with MkDocs)

mkdocs-material-9.7.4 (2026-03-03)

  • Hardened social cards plugin by switching to sandboxed environment
  • Updated MkDocs 2.0 incompatibility warning

mkdocs-material-9.7.3 (2026-02-24)

  • Fixed #8567: Print MkDocs 2.0 incompatibility warning to stderr

mkdocs-material-9.7.2 (2026-02-18)

  • Opened up version ranges of optional dependencies for forward-compatibility
  • Added warning to 'mkdocs build' about impending MkDocs 2.0 incompatibility

mkdocs-material-9.7.1 (2025-12-18)

  • Updated requests to 2.30+ to mitigate CVE in urllib
  • Fixed privacy plugin not picking up protocol-relative URLs
  • Fixed #8542: false positives and negatives captured in privacy plugin

mkdocs-material-9.7.0 (2025-11-11)

⚠️ Material for MkDocs is now in maintenance mode

This is the last release of Material for MkDocs that will receive new features. Going forward, the Material for MkDocs team focuses on Zensical, a next-gen static site generator built from first principles. We will provide critical bug fixes and security updates for Material for MkDocs for 12 months at least.

Read the full announcement on our blog: https://squidfunk.github.io/mkdocs-material/blog/2025/11/05/zensical/

This release includes all features that were previously exclusive to the Insiders edition. These features are now freely available to everyone.

Note on deprecated plugins: The projects and typeset plugins are included in this release, but must be considered deprecated. Both plugins proved unsustainable to maintain and represent architectural dead ends. They are provided as-is without ongoing support.

Changes:

... (truncated)

Commits
  • 6c52ed6 Prepare 9.7.6 release
  • 51d9b76 Automatically disable MkDocs 2.0 warning for forks of MkDocs
  • 6f9a48b Updated links
  • 00b9933 Prepare 9.7.5 release
  • 37683d1 Updated blog post on MkDocs 2.0
  • 199e315 Updated warning message to clarify relation to MkDocs
  • 1025833 Limited version range of mkdocs to <2
  • 1532f52 Added update log to blog post
  • d0c8b28 Updated dependencies to fix vulnerabilities
  • 71d4869 Updated blog post on MkDocs 2.0
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Updates the requirements on [setuptools](https://github.com/pypa/setuptools), [sentence-transformers](https://github.com/huggingface/sentence-transformers), [transformers](https://github.com/huggingface/transformers), [pytest](https://github.com/pytest-dev/pytest), [pytest-asyncio](https://github.com/pytest-dev/pytest-asyncio), [ruff](https://github.com/astral-sh/ruff), [pip-audit](https://github.com/pypa/pip-audit), [build](https://github.com/pypa/build), [mkdocs](https://github.com/mkdocs/mkdocs) and [mkdocs-material](https://github.com/squidfunk/mkdocs-material) to permit the latest version.

Updates `setuptools` to 83.0.0
- [Release notes](https://github.com/pypa/setuptools/releases)
- [Changelog](https://github.com/pypa/setuptools/blob/main/NEWS.rst)
- [Commits](pypa/setuptools@v64.0.0...v83.0.0)

Updates `sentence-transformers` to 5.6.0
- [Release notes](https://github.com/huggingface/sentence-transformers/releases)
- [Commits](huggingface/sentence-transformers@v5.5.0...v5.6.0)

Updates `transformers` to 5.13.0
- [Release notes](https://github.com/huggingface/transformers/releases)
- [Commits](huggingface/transformers@v5.8.1...v5.13.0)

Updates `pytest` to 9.1.1
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](pytest-dev/pytest@9.0.3...9.1.1)

Updates `pytest-asyncio` to 1.4.0
- [Release notes](https://github.com/pytest-dev/pytest-asyncio/releases)
- [Commits](pytest-dev/pytest-asyncio@v1.3.0...v1.4.0)

Updates `ruff` to 0.15.20
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.8.6...0.15.20)

Updates `pip-audit` to 2.10.1
- [Release notes](https://github.com/pypa/pip-audit/releases)
- [Changelog](https://github.com/pypa/pip-audit/blob/main/CHANGELOG.md)
- [Commits](pypa/pip-audit@v2.10.0...v2.10.1)

Updates `build` to 1.5.0
- [Release notes](https://github.com/pypa/build/releases)
- [Changelog](https://github.com/pypa/build/blob/main/CHANGELOG.rst)
- [Commits](pypa/build@1.2.2...1.5.0)

Updates `mkdocs` to 1.6.1
- [Release notes](https://github.com/mkdocs/mkdocs/releases)
- [Commits](mkdocs/mkdocs@1.5.3...1.6.1)

Updates `mkdocs-material` to 9.7.6
- [Release notes](https://github.com/squidfunk/mkdocs-material/releases)
- [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG)
- [Commits](squidfunk/mkdocs-material@9.5.9...9.7.6)

---
updated-dependencies:
- dependency-name: setuptools
  dependency-version: 83.0.0
  dependency-type: direct:development
  dependency-group: python-dependencies
- dependency-name: sentence-transformers
  dependency-version: 5.6.0
  dependency-type: direct:production
  dependency-group: python-dependencies
- dependency-name: transformers
  dependency-version: 5.13.0
  dependency-type: direct:production
  dependency-group: python-dependencies
- dependency-name: pytest
  dependency-version: 9.1.1
  dependency-type: direct:production
  dependency-group: python-dependencies
- dependency-name: pytest-asyncio
  dependency-version: 1.4.0
  dependency-type: direct:production
  dependency-group: python-dependencies
- dependency-name: ruff
  dependency-version: 0.15.20
  dependency-type: direct:production
  dependency-group: python-dependencies
- dependency-name: pip-audit
  dependency-version: 2.10.1
  dependency-type: direct:production
  dependency-group: python-dependencies
- dependency-name: build
  dependency-version: 1.5.0
  dependency-type: direct:production
  dependency-group: python-dependencies
- dependency-name: mkdocs
  dependency-version: 1.6.1
  dependency-type: direct:production
  dependency-group: python-dependencies
- dependency-name: mkdocs-material
  dependency-version: 9.7.6
  dependency-type: direct:production
  dependency-group: python-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Jul 7, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants