Skip to content

Bump the pip group with 2 updates#349

Merged
ezio-melotti merged 1 commit intomainfrom
dependabot/pip/pip-c875d1c4fe
Mar 1, 2026
Merged

Bump the pip group with 2 updates#349
ezio-melotti merged 1 commit intomainfrom
dependabot/pip/pip-c875d1c4fe

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 1, 2026

Bumps the pip group with 2 updates: sigstore and pyfakefs.

Updates sigstore from 3.6.6 to 3.6.7

Release notes

Sourced from sigstore's releases.

v3.6.7

This release backports a minor security issue in OIDC authentication and a compatibility issue in Fulcios Signed Certificate Timestamps to the 3.6.x series. All users are advised to upgrade to 4.2.0 or 3.6.7

Fixed in 3.6.7

  • Fix issue with Signed Certificate Timestamp parsing issue where extensions were not allowed by sigstore-python (1657, 1659)
  • Add state validation to OIDC flow to prevent cross-site request forgery during OIDC authorization (GHSA-hm8f-75xx-w2vr)
Changelog

Sourced from sigstore's changelog.

[3.6.7]

  • Fix issue with Signed Certificate Timestamp parsing issue where extensions were not allowed by sigstore-python (1657, 1659)
  • Add state validation to OIDC flow to prevent cross-site request forgery during OIDC authorization (GHSA-hm8f-75xx-w2vr)
Commits

Updates pyfakefs from 6.0.0 to 6.1.1

Release notes

Sourced from pyfakefs's releases.

pyfakefs release version 6.1.1

  • fixes a packaging issue in latest version

pyfakefs release version 6.1.0

  • changes back-link references to weak references
  • minor bugfixes
  • see the release notes for a list of changes
Changelog

Sourced from pyfakefs's changelog.

Version 6.1.1 (2026-02-09)

Fixes a packaging issue in latest version.

Fixes

  • fixed packaging issue: tests had not been added to sdist (see #1278)

Version 6.1.0 (2026-02-06)

Changes back-link references to weak references.

Changes

  • added more support for PyPy 3
  • Caution: many back-link references have been replaced by weak references; this may have unwanted consequences (crashes) for some untested workflows

Infrastructure

  • added PyPy 3.11 to CI, added PyPy builds for all OSes
  • use only pyproject.toml for dependencies, moved tox configuration into pyproject.toml

Fixes

  • fixed a problem accessing size from a FakeFileWrapper object (see #1276)
  • fixed a problem with readable raising an error on a file object. (see #1265)
  • avoid memory accumulation in consecutive tests by using weak references (see #1267)
Commits
  • 5514a76 Release 6.1.1
  • fa2f91d Re-add tests to sdist package
  • bd589e1 Release 6.1.0
  • 7ca6745 Make FakeFileWrapper.size a property
  • ac6e70b [pre-commit.ci] pre-commit autoupdate
  • f81c397 Replace backlink refs with weakrefs
  • c395cfa [pre-commit.ci] pre-commit autoupdate
  • b49f7f0 Consolidate dependencies
  • 9f6d8bc 1265 iounsupportedoperation file is not open for reading on iotextiowrapper (...
  • 2487a3c [pre-commit.ci] pre-commit autoupdate
  • Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request
Dependency Name Ignore Conditions
sigstore [>= 4.dev0, < 5]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the pip group with 2 updates
c260238 
Bumps the pip group with 2 updates: [sigstore](https://github.com/sigstore/sigstore-python) and [pyfakefs](https://github.com/pytest-dev/pyfakefs).


Updates `sigstore` from 3.6.6 to 3.6.7
- [Release notes](https://github.com/sigstore/sigstore-python/releases)
- [Changelog](https://github.com/sigstore/sigstore-python/blob/v3.6.7/CHANGELOG.md)
- [Commits](sigstore/sigstore-python@v3.6.6...v3.6.7)

Updates `pyfakefs` from 6.0.0 to 6.1.1
- [Release notes](https://github.com/pytest-dev/pyfakefs/releases)
- [Changelog](https://github.com/pytest-dev/pyfakefs/blob/main/CHANGES.md)
- [Commits](pytest-dev/pyfakefs@v6.0.0...v6.1.1)

---
updated-dependencies:
- dependency-name: sigstore
  dependency-version: 3.6.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: pip
- dependency-name: pyfakefs
  dependency-version: 6.1.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Mar 1, 2026
@ezio-melotti ezio-melotti merged commit 6ef43b0 into main Mar 1, 2026
31 checks passed
@dependabot dependabot bot deleted the dependabot/pip/pip-c875d1c4fe branch March 1, 2026 06:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ezio-melotti ezio-melotti ezio-melotti approved these changes

Assignees

@ezio-melotti ezio-melotti

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ezio-melotti