
Bump the ci-constraints group across 1 directory with 4 updates #35

Merged: matajoh merged 1 commit into main from dependabot/pip/ci/ci-constraints-27f7d52bd4 (Jun 10, 2026)
dependabot (bot) commented on behalf of github, Jun 10, 2026

Warning

Dependabot will stop supporting python v3.9!

Please upgrade to one of the following versions: v3.9, v3.10, v3.11, v3.12, v3.13, or v3.14.

Bumps the ci-constraints group with 4 updates in the /ci directory: cyclonedx-python-lib, idna, snowballstemmer and beautifulsoup4.

Updates cyclonedx-python-lib from 11.7.0 to 11.9.0

Release notes

Sourced from cyclonedx-python-lib's releases.

v11.9.0 (2026-06-08)

Features

  • Add support for license expression details (#908, b502381)

What's Changed

Full Changelog: CycloneDX/cyclonedx-python-lib@v11.8.0...v11.9.0

v11.8.0 (2026-06-04)

Documentation

Features

  • Add support CycloneDX 1.7.1 & 1.6.2 & 1.5.1 (#985, 303889b)

  • Pull SPDX license IDs v1.1-3.28.0 (#986, 42ff044)


What's Changed

Full Changelog: CycloneDX/cyclonedx-python-lib@v11.7.0...v11.8.0

... (truncated)

Changelog

Sourced from cyclonedx-python-lib's changelog.

v11.9.0 (2026-06-08)

Features

  • Add support for license expression details (#908, b502381)

v11.8.0 (2026-06-04)

Documentation

Features

  • Add support CycloneDX 1.7.1 & 1.6.2 & 1.5.1 (#985, 303889b)

  • Pull SPDX license IDs v1.1-3.28.0 (#986, 42ff044)

Commits
  • 150777e chore(release): 11.9.0
  • b502381 feat: add support for license expression details (#908)
  • 2ce770f chore(deps): update m2r2 requirement from >=0.3.2 to >=0.3.4 (#970)
  • 5854695 chore(deps): bump snok/install-poetry from 1.4.1 to 1.4.2 (#990)
  • e537812 chore(release): 11.8.0
  • 42ff044 feat: pull SPDX license IDs v1.1-3.28.0 (#986)
  • 590402a chore(deps): bump actions/upload-artifact from 6.0.0 to 7.0.1 (#963)
  • 051abce chore(deps): bump actions/download-artifact from 7.0.0 to 8.0.1 (#964)
  • bc961ef chore(deps): bump actions/create-github-app-token from 3.1.1 to 3.2.0 (#982)
  • 303889b feat: add support CycloneDX 1.7.1 & 1.6.2 & 1.5.1 (#985)
  • Additional commits viewable in compare view

Updates idna from 3.16 to 3.18

Changelog

Sourced from idna's changelog.

3.18 (2026-06-02)

  • When decoding a domain, add a display argument that will pass through invalid labels rather than raising an exception.

3.17 (2026-05-28)

  • Substantial 75% reduction in memory usage through new data structures and some optimization in processing speed.
  • Added a general 1024-character input length cap to the public validation, conversion, and codec entry points. This is well above any legitimate domain or label and guards against pathological inputs.
Commits
  • f39ea90 Release 3.18
  • 40f4e40 Pre-release 3.18rc0
  • 1a5bf80 Merge pull request #253 from kjd/lenient-decode
  • 5bbb26f Merge branch 'master' into lenient-decode
  • c532bae Rename decode() lenient= option to display= (issue #248)
  • 0b1758b Merge pull request #252 from kjd/release-3.17
  • f48619c Release 3.17
  • 7421ba8 Pre-release 3.17rc0
  • 22ebb73 Merge pull request #251 from kjd/structure-optimizations
  • 2a7ac0a Drop redundant parallel-arrays comment from uts46data
  • Additional commits viewable in compare view

Updates snowballstemmer from 3.1.0 to 3.1.1

Changelog

Sourced from snowballstemmer's changelog.

Snowball 3.1.1 (2026-06-03)

Compiler changes

  • Bug fixes:

    • Fix a segmentation fault after reporting an error for a string command not followed by a string variable name or string literal. Bug introduced in 3.1.0. Patch from Jerry James (#287).
  • Compiler command-line options:

    • Emit an error for -o -/-output -. Output to stdout is not supported because we need to generate multiple files for some target languages. We were interpreting - as a base filename to append extensions to, so we'd create -.c and -.h for C, but creating filenames that start with - seems unhelpful.

Generic code generation changes

  • Bug fixes:

    • Variable localisation was failing to check the expression on the RHS of an integer test for uses of a variable, so could incorrectly localise an integer variable whose value should have persisted between calls to a function. This bug won't realistically manifest in real world Snowball code.
  • Optimisations:

    • Inline some routines which are only used once. This is done for routines consisting of a single non-compound command (or cases such as not <boolean> and goto <grouping> which we internally synthesise a non-compound command for). Localisation of variables happens after inlining, so variables can now be localised in more cases.

    • test next and not next are both now simplified to a comparison between cursor and limit (like not atlimit and atlimit). We already normalise hop 1 to next, so test hop 1 and not hop 1 are also simplified in this way.

    • Simplify not applied to an integer test by removing the not and flipping the sense of the test (e.g. not $(x > y) becomes $(x <= y)) which results in simpler generated code. More usefully in real world code, this also results in simpler generated code for not atlimit (since atlimit is converted $(cursor >= limit) or $(cursor <= limit) (depending on the current direction).

... (truncated)

Commits
  • cd195b5 Update for 3.1.1
  • 80d885c NEWS: Update draft entry
  • 5346c74 C++: Compile runtime as C++
  • 537f970 python: Add classifier for 3.14
  • 3aeb013 python: Skip Natural Language :: Sesotho classifier
  • 91fa20b NEWS: Update draft entry
  • a04abeb Don't use extern "C" for functions which can throw
  • 49bb623 C++: Hook up properly
  • 7ab50ed CI: Fix coverage job
  • 5f0a33c NEWS: Add draft entry
  • Additional commits viewable in compare view

Updates beautifulsoup4 from 4.14.3 to 4.15.0

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Bumps the ci-constraints group with 4 updates in the /ci directory: [cyclonedx-python-lib](https://github.com/CycloneDX/cyclonedx-python-lib), [idna](https://github.com/kjd/idna), [snowballstemmer](https://github.com/snowballstem/snowball) and [beautifulsoup4](https://www.crummy.com/software/BeautifulSoup/bs4/).


Updates `cyclonedx-python-lib` from 11.7.0 to 11.9.0
- [Release notes](https://github.com/CycloneDX/cyclonedx-python-lib/releases)
- [Changelog](https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CHANGELOG.md)
- [Commits](CycloneDX/cyclonedx-python-lib@v11.7.0...v11.9.0)

Updates `idna` from 3.16 to 3.18
- [Release notes](https://github.com/kjd/idna/releases)
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.md)
- [Commits](kjd/idna@v3.16...v3.18)

Updates `snowballstemmer` from 3.1.0 to 3.1.1
- [Changelog](https://github.com/snowballstem/snowball/blob/main/NEWS)
- [Commits](snowballstem/snowball@v3.1.0...v3.1.1)

Updates `beautifulsoup4` from 4.14.3 to 4.15.0

---
updated-dependencies:
- dependency-name: cyclonedx-python-lib
  dependency-version: 11.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ci-constraints
- dependency-name: idna
  dependency-version: '3.18'
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ci-constraints
- dependency-name: snowballstemmer
  dependency-version: 3.1.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: ci-constraints
- dependency-name: beautifulsoup4
  dependency-version: 4.15.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ci-constraints
...

Signed-off-by: dependabot[bot] <support@github.com>
matajoh merged commit 724f9fe into main, Jun 10, 2026
41 checks passed
matajoh deleted the dependabot/pip/ci/ci-constraints-27f7d52bd4 branch, June 10, 2026 22:20