Skip to content

Bump urllib3 from 2.5.0 to 2.6.0 in /__tests__/data #1253

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
HarithaVattikuti merged 1 commit into from
Dec 30, 2025
Merged

Bump urllib3 from 2.5.0 to 2.6.0 in /__tests__/data #1253

HarithaVattikuti merged 1 commit into from
Dec 30, 2025
+2 −2

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Dec 6, 2025

Bumps urllib3 from 2.5.0 to 2.6.0.

Release notes

Sourced from urllib3's releases.

2.6.0

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Security

  • Fixed a security issue where streaming API could improperly handle highly compressed HTTP content ("decompression bombs") leading to excessive resource consumption even when a small amount of data was requested. Reading small chunks of compressed data is safer and much more efficient now. (CVE-2025-66471 reported by @​Cycloctane, 8.9 High, GHSA-2xpw-w6gg-jr37)
  • Fixed a security issue where an attacker could compose an HTTP response with virtually unlimited links in the Content-Encoding header, potentially leading to a denial of service (DoS) attack by exhausting system resources during decoding. The number of allowed chained encodings is now limited to 5. (CVE-2025-66418 reported by @​illia-v, 8.9 High, GHSA-gm62-xv2j-4w53)

[!IMPORTANT]

  • If urllib3 is not installed with the optional urllib3[brotli] extra, but your environment contains a Brotli/brotlicffi/brotlipy package anyway, make sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to benefit from the security fixes and avoid warnings. Prefer using urllib3[brotli] to install a compatible Brotli package automatically.
  • If you use custom decompressors, please make sure to update them to respect the changed API of urllib3.response.ContentDecoder.

Features

  • Enabled retrieval, deletion, and membership testing in HTTPHeaderDict using bytes keys. (#3653)
  • Added host and port information to string representations of HTTPConnection. (#3666)
  • Added support for Python 3.14 free-threading builds explicitly. (#3696)

Removals

  • Removed the HTTPResponse.getheaders() method in favor of HTTPResponse.headers. Removed the HTTPResponse.getheader(name, default) method in favor of HTTPResponse.headers.get(name, default). (#3622)

Bugfixes

  • Fixed redirect handling in urllib3.PoolManager when an integer is passed for the retries parameter. (#3649)
  • Fixed HTTPConnectionPool when used in Emscripten with no explicit port. (#3664)
  • Fixed handling of SSLKEYLOGFILE with expandable variables. (#3700)

Misc

  • Changed the zstd extra to install backports.zstd instead of zstandard on Python 3.13 and before. (#3693)
  • Improved the performance of content decoding by optimizing BytesQueueBuffer class. (#3710)
  • Allowed building the urllib3 package with newer setuptools-scm v9.x. (#3652)
  • Ensured successful urllib3 builds by setting Hatchling requirement to ≥ 1.27.0. (#3638)
Changelog

Sourced from urllib3's changelog.

2.6.0 (2025-12-05)

Security

  • Fixed a security issue where streaming API could improperly handle highly compressed HTTP content ("decompression bombs") leading to excessive resource consumption even when a small amount of data was requested. Reading small chunks of compressed data is safer and much more efficient now. (GHSA-2xpw-w6gg-jr37 <https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37>__)
  • Fixed a security issue where an attacker could compose an HTTP response with virtually unlimited links in the Content-Encoding header, potentially leading to a denial of service (DoS) attack by exhausting system resources during decoding. The number of allowed chained encodings is now limited to 5. (GHSA-gm62-xv2j-4w53 <https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53>__)

.. caution::

  • If urllib3 is not installed with the optional urllib3[brotli] extra, but your environment contains a Brotli/brotlicffi/brotlipy package anyway, make sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to benefit from the security fixes and avoid warnings. Prefer using urllib3[brotli] to install a compatible Brotli package automatically.

  • If you use custom decompressors, please make sure to update them to respect the changed API of urllib3.response.ContentDecoder.

Features

  • Enabled retrieval, deletion, and membership testing in HTTPHeaderDict using bytes keys. ([#3653](https://github.com/urllib3/urllib3/issues/3653) <https://github.com/urllib3/urllib3/issues/3653>__)
  • Added host and port information to string representations of HTTPConnection. ([#3666](https://github.com/urllib3/urllib3/issues/3666) <https://github.com/urllib3/urllib3/issues/3666>__)
  • Added support for Python 3.14 free-threading builds explicitly. ([#3696](https://github.com/urllib3/urllib3/issues/3696) <https://github.com/urllib3/urllib3/issues/3696>__)

Removals

  • Removed the HTTPResponse.getheaders() method in favor of HTTPResponse.headers. Removed the HTTPResponse.getheader(name, default) method in favor of HTTPResponse.headers.get(name, default). ([#3622](https://github.com/urllib3/urllib3/issues/3622) <https://github.com/urllib3/urllib3/issues/3622>__)

Bugfixes

  • Fixed redirect handling in urllib3.PoolManager when an integer is passed for the retries parameter. ([#3649](https://github.com/urllib3/urllib3/issues/3649) <https://github.com/urllib3/urllib3/issues/3649>__)
  • Fixed HTTPConnectionPool when used in Emscripten with no explicit port. ([#3664](https://github.com/urllib3/urllib3/issues/3664) <https://github.com/urllib3/urllib3/issues/3664>__)
  • Fixed handling of SSLKEYLOGFILE with expandable variables. ([#3700](https://github.com/urllib3/urllib3/issues/3700) <https://github.com/urllib3/urllib3/issues/3700>__)

... (truncated)

Commits
  • 720f484 Release 2.6.0
  • 24d7b67 Merge commit from fork
  • c19571d Merge commit from fork
  • 816fcf0 Bump actions/setup-python from 6.0.0 to 6.1.0 (#3725)
  • 18af0a1 Improve speed of BytesQueueBuffer.get() by using memoryview (#3711)
  • 1f6abac Bump versions of pre-commit hooks (#3716)
  • 1c8fbf7 Bump actions/checkout from 5.0.0 to 6.0.0 (#3722)
  • 7784b9e Add Python 3.15 to CI (#3717)
  • 0241c9e Updated docs to reflect change in optional zstd dependency from zstandard t...
  • 7afcabb Expand environment variable of SSLKEYLOGFILE (#3705)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump urllib3 from 2.5.0 to 2.6.0 in /__tests__/data
cad2246 
Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.5.0 to 2.6.0.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.5.0...2.6.0)

---
updated-dependencies:
- dependency-name: urllib3
  dependency-version: 2.6.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Dec 6, 2025
@dependabot dependabot bot requested a review from a team as a code owner December 6, 2025 05:07
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Dec 6, 2025
@HarithaVattikuti HarithaVattikuti merged commit 4f41a90 into main Dec 30, 2025
1410 checks passed
@HarithaVattikuti HarithaVattikuti deleted the dependabot/pip/__tests__/data/urllib3-2.6.0 branch December 30, 2025 02:36
mergify bot added a commit to robfrank/linklift that referenced this pull request Jan 25, 2026
@mergify
chore(deps): bump the github-actions group with 7 updates [skip ci]
82f0620 
Bumps the github-actions group with 7 updates:
| Package | From | To |
| --- | --- | --- |
| [actions/setup-python](https://github.com/actions/setup-python) | `6.1.0` | `6.2.0` |
| [actions/cache](https://github.com/actions/cache) | `5.0.1` | `5.0.2` |
| [actions/setup-java](https://github.com/actions/setup-java) | `5.1.0` | `5.2.0` |
| [anchore/scan-action](https://github.com/anchore/scan-action) | `7.2.3` | `7.3.0` |
| [anthropics/claude-code-action](https://github.com/anthropics/claude-code-action) | `1.0.29` | `1.0.31` |
| [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) | `8.0.0` | `8.1.0` |
| [ruby/setup-ruby](https://github.com/ruby/setup-ruby) | `1.283.0` | `1.286.0` |
Updates `actions/setup-python` from 6.1.0 to 6.2.0
Release notes

*Sourced from [actions/setup-python's releases](https://github.com/actions/setup-python/releases).*

> v6.2.0
> ------
>
> What's Changed
> --------------
>
> ### Dependency Upgrades
>
> * Upgrade dependencies to Node 24 compatible versions by [`@​salmanmkc`](https://github.com/salmanmkc) in [actions/setup-python#1259](https://redirect.github.com/actions/setup-python/pull/1259)
> * Upgrade urllib3 from 2.5.0 to 2.6.3 in `/__tests__/data` by [`@​dependabot`](https://github.com/dependabot) in [actions/setup-python#1253](https://redirect.github.com/actions/setup-python/pull/1253) and [actions/setup-python#1264](https://redirect.github.com/actions/setup-python/pull/1264)
>
> **Full Changelog**: <actions/setup-python@v6...v6.2.0>


Commits

* [`a309ff8`](actions/setup-python@a309ff8) Bump urllib3 from 2.6.0 to 2.6.3 in /**tests**/data ([#1264](https://redirect.github.com/actions/setup-python/issues/1264))
* [`bfe8cc5`](actions/setup-python@bfe8cc5) Upgrade [`@​actions`](https://github.com/actions) dependencies to Node 24 compatible versions ([#1259](https://redirect.github.com/actions/setup-python/issues/1259))
* [`4f41a90`](actions/setup-python@4f41a90) Bump urllib3 from 2.5.0 to 2.6.0 in /**tests**/data ([#1253](https://redirect.github.com/actions/setup-python/issues/1253))
* See full diff in [compare view](actions/setup-python@83679a8...a309ff8)
  
Updates `actions/cache` from 5.0.1 to 5.0.2
Release notes

*Sourced from [actions/cache's releases](https://github.com/actions/cache/releases).*

> v.5.0.2
> -------
>
> v5.0.2
> ======
>
> What's Changed
> --------------
>
> When creating cache entries, 429s returned from the cache service will not be retried.


Changelog

*Sourced from [actions/cache's changelog](https://github.com/actions/cache/blob/main/RELEASES.md).*

> Releases
> ========
>
> Changelog
> ---------
>
> ### 5.0.2
>
> * Bump `@actions/cache` to v5.0.3 [#1692](https://redirect.github.com/actions/cache/pull/1692)
>
> ### 5.0.1
>
> * Update `@azure/storage-blob` to `^12.29.1` via `@actions/cache@5.0.1` [#1685](https://redirect.github.com/actions/cache/pull/1685)
>
> ### 5.0.0
>
> > [!IMPORTANT]
> > `actions/cache@v5` runs on the Node.js 24 runtime and requires a minimum Actions Runner version of `2.327.1`.
> > If you are using self-hosted runners, ensure they are updated before upgrading.
>
> ### 4.3.0
>
> * Bump `@actions/cache` to [v4.1.0](https://redirect.github.com/actions/toolkit/pull/2132)
>
> ### 4.2.4
>
> * Bump `@actions/cache` to v4.0.5
>
> ### 4.2.3
>
> * Bump `@actions/cache` to v4.0.3 (obfuscates SAS token in debug logs for cache entries)
>
> ### 4.2.2
>
> * Bump `@actions/cache` to v4.0.2
>
> ### 4.2.1
>
> * Bump `@actions/cache` to v4.0.1
>
> ### 4.2.0
>
> TLDR; The cache backend service has been rewritten from the ground up for improved performance and reliability. [actions/cache](https://github.com/actions/cache) now integrates with the new cache service (v2) APIs.
>
> The new service will gradually roll out as of **February 1st, 2025**. The legacy service will also be sunset on the same date. Changes in these release are **fully backward compatible**.
>
> **We are deprecating some versions of this action**. We recommend upgrading to version `v4` or `v3` as soon as possible before **February 1st, 2025.** (Upgrade instructions below).
>
> If you are using pinned SHAs, please use the SHAs of versions `v4.2.0` or `v3.4.0`
>
> If you do not upgrade, all workflow runs using any of the deprecated [actions/cache](https://github.com/actions/cache) will fail.

... (truncated)


Commits

* [`8b402f5`](actions/cache@8b402f5) Merge pull request [#1692](https://redirect.github.com/actions/cache/issues/1692) from GhadimiR/main
* [`304ab5a`](actions/cache@304ab5a) license for httpclient
* [`609fc19`](actions/cache@609fc19) Update licensed record for cache
* [`b22231e`](actions/cache@b22231e) Build
* [`93150cd`](actions/cache@93150cd) Add PR link to releases
* [`9b8ca9f`](actions/cache@9b8ca9f) Bump actions/cache to 5.0.3
* See full diff in [compare view](actions/cache@9255dc7...8b402f5)
  
Updates `actions/setup-java` from 5.1.0 to 5.2.0
Release notes

*Sourced from [actions/setup-java's releases](https://github.com/actions/setup-java/releases).*

> v5.2.0
> ------
>
> What's Changed
> --------------
>
> ### Enhancement
>
> * Retry on HTTP 522 Connection timed out by [`@​findepi`](https://github.com/findepi) in [actions/setup-java#964](https://redirect.github.com/actions/setup-java/pull/964)
>
> ### Documentation Changes
>
> * Update gradle caching by [`@​priya-kinthali`](https://github.com/priya-kinthali) in [actions/setup-java#972](https://redirect.github.com/actions/setup-java/pull/972)
> * Update checkout to v6 by [`@​mahabaleshwars`](https://github.com/mahabaleshwars) in [actions/setup-java#973](https://redirect.github.com/actions/setup-java/pull/973)
>
> ### Dependency Updates
>
> * Upgrade `@​actions/cache` to v5 by [`@​salmanmkc`](https://github.com/salmanmkc) in [actions/setup-java#968](https://redirect.github.com/actions/setup-java/pull/968)
> * Upgrade actions/checkout from 5 to 6 by [`@​dependabot`](https://github.com/dependabot) in [actions/setup-java#961](https://redirect.github.com/actions/setup-java/pull/961)
>
> New Contributors
> ----------------
>
> * [`@​findepi`](https://github.com/findepi) made their first contribution in [actions/setup-java#964](https://redirect.github.com/actions/setup-java/pull/964)
>
> **Full Changelog**: <actions/setup-java@v5...v5.2.0>


Commits

* [`be666c2`](actions/setup-java@be666c2) Chore: Version Update and Checkout Update to v6 ([#973](https://redirect.github.com/actions/setup-java/issues/973))
* [`f7a6fef`](actions/setup-java@f7a6fef) Bump actions/checkout from 5 to 6 ([#961](https://redirect.github.com/actions/setup-java/issues/961))
* [`d81c4e4`](actions/setup-java@d81c4e4) Upgrade `@​actions/cache` to v5 ([#968](https://redirect.github.com/actions/setup-java/issues/968))
* [`1b1bbe1`](actions/setup-java@1b1bbe1) readme update ([#972](https://redirect.github.com/actions/setup-java/issues/972))
* [`5d7b214`](actions/setup-java@5d7b214) Retry on HTTP 522 Connection timed out ([#964](https://redirect.github.com/actions/setup-java/issues/964))
* See full diff in [compare view](actions/setup-java@f2beeb2...be666c2)
  
Updates `anchore/scan-action` from 7.2.3 to 7.3.0
Release notes

*Sourced from [anchore/scan-action's releases](https://github.com/anchore/scan-action/releases).*

> v7.3.0
> ------
>
> New in scan-action v7.3.0
> -------------------------
>
> ⬆️ Dependencies
> ---------------
>
> * chore(deps): bump `@​actions/tool-cache` from 2.0.2 to 3.0.0 ([#567](https://redirect.github.com/anchore/scan-action/issues/567)) [[`@​dependabot`](https://github.com/dependabot)]
> * chore(deps): bump `@​actions/cache` from 5.0.1 to 5.0.2 ([#568](https://redirect.github.com/anchore/scan-action/issues/568)) [[`@​dependabot`](https://github.com/dependabot)]
> * chore(deps): bump `@​actions/core` from 2.0.1 to 2.0.2 ([#569](https://redirect.github.com/anchore/scan-action/issues/569)) [[`@​dependabot`](https://github.com/dependabot)]
> * chore(deps-dev): bump tar from 7.5.2 to 7.5.3 ([#574](https://redirect.github.com/anchore/scan-action/issues/574)) [[`@​dependabot`](https://github.com/dependabot)]
> * chore(deps): update Grype to v0.105.0 ([#572](https://redirect.github.com/anchore/scan-action/issues/572)) [[`@​anchore-actions-token-generator`](https://github.com/anchore-actions-token-generator)[bot]]


Commits

* [`0d444ed`](anchore/scan-action@0d444ed) chore: update release drafter permissions ([#578](https://redirect.github.com/anchore/scan-action/issues/578))
* [`f9bddf7`](anchore/scan-action@f9bddf7) chore: update release drafter to include appropriate dependencies ([#577](https://redirect.github.com/anchore/scan-action/issues/577))
* [`ffeb136`](anchore/scan-action@ffeb136) chore(deps): bump `@​actions/tool-cache` from 2.0.2 to 3.0.0 ([#567](https://redirect.github.com/anchore/scan-action/issues/567))
* [`32bbf28`](anchore/scan-action@32bbf28) chore(deps): bump `@​actions/cache` from 5.0.1 to 5.0.2 ([#568](https://redirect.github.com/anchore/scan-action/issues/568))
* [`5f513a1`](anchore/scan-action@5f513a1) chore(deps): bump `@​actions/core` from 2.0.1 to 2.0.2 ([#569](https://redirect.github.com/anchore/scan-action/issues/569))
* [`02ce04c`](anchore/scan-action@02ce04c) chore(deps-dev): bump tar from 7.5.2 to 7.5.3 ([#574](https://redirect.github.com/anchore/scan-action/issues/574))
* [`6ac601c`](anchore/scan-action@6ac601c) Chore better zizmor ([#573](https://redirect.github.com/anchore/scan-action/issues/573))
* [`e2f9cdb`](anchore/scan-action@e2f9cdb) chore(deps): update Grype to v0.105.0 ([#572](https://redirect.github.com/anchore/scan-action/issues/572))
* [`cddc16d`](anchore/scan-action@cddc16d) chore(deps): bump actions/setup-node from 6.1.0 to 6.2.0 ([#571](https://redirect.github.com/anchore/scan-action/issues/571))
* See full diff in [compare view](anchore/scan-action@62b74fb...0d444ed)
  
Updates `anthropics/claude-code-action` from 1.0.29 to 1.0.31
Release notes

*Sourced from [anthropics/claude-code-action's releases](https://github.com/anthropics/claude-code-action/releases).*

> v1.0.31
> -------
>
> What's Changed
> --------------
>
> * fix: ensure SSH signing key has trailing newline by [`@​ashwin-ant`](https://github.com/ashwin-ant) in [anthropics/claude-code-action#834](https://redirect.github.com/anthropics/claude-code-action/pull/834)
> * Consolidate CI workflows into a single entry point by [`@​ashwin-ant`](https://github.com/ashwin-ant) in [anthropics/claude-code-action#836](https://redirect.github.com/anthropics/claude-code-action/pull/836)
> * chore: bump Bun to 1.3.6 and setup-bun action to v2.1.2 by [`@​ashwin-ant`](https://github.com/ashwin-ant) in [anthropics/claude-code-action#848](https://redirect.github.com/anthropics/claude-code-action/pull/848)
> * refactor: remove CLI path, use Agent SDK exclusively by [`@​ashwin-ant`](https://github.com/ashwin-ant) in [anthropics/claude-code-action#849](https://redirect.github.com/anthropics/claude-code-action/pull/849)
>
> **Full Changelog**: <anthropics/claude-code-action@v1...v1.0.31>
>
> v1.0.30
> -------
>
> What's Changed
> --------------
>
> * fix: parse ALL --allowed-tools flags, not just the first one by [`@​AlexanderBartash`](https://github.com/AlexanderBartash) in [anthropics/claude-code-action#801](https://redirect.github.com/anthropics/claude-code-action/pull/801)
> * docs: clarify that Claude does not auto-create PRs by default by [`@​ashwin-ant`](https://github.com/ashwin-ant) in [anthropics/claude-code-action#824](https://redirect.github.com/anthropics/claude-code-action/pull/824)
> * fix: add checkHumanActor to agent mode by [`@​ashwin-ant`](https://github.com/ashwin-ant) in [anthropics/claude-code-action#826](https://redirect.github.com/anthropics/claude-code-action/pull/826)
> * chore: comment out release-base-action job in release workflow by [`@​ashwin-ant`](https://github.com/ashwin-ant) in [anthropics/claude-code-action#833](https://redirect.github.com/anthropics/claude-code-action/pull/833)
>
> New Contributors
> ----------------
>
> * [`@​AlexanderBartash`](https://github.com/AlexanderBartash) made their first contribution in [anthropics/claude-code-action#801](https://redirect.github.com/anthropics/claude-code-action/pull/801)
>
> **Full Changelog**: <anthropics/claude-code-action@v1...v1.0.30>


Commits

* [`2316a9a`](anthropics/claude-code-action@2316a9a) chore: bump Claude Code to 2.1.15 and Agent SDK to 0.2.15
* [`49cfcf8`](anthropics/claude-code-action@49cfcf8) refactor: remove CLI path, use Agent SDK exclusively ([#849](https://redirect.github.com/anthropics/claude-code-action/issues/849))
* [`e208124`](anthropics/claude-code-action@e208124) chore: bump Bun to 1.3.6 and setup-bun action to v2.1.2 ([#848](https://redirect.github.com/anthropics/claude-code-action/issues/848))
* [`ba60ef7`](anthropics/claude-code-action@ba60ef7) Consolidate CI workflows into a single entry point ([#836](https://redirect.github.com/anthropics/claude-code-action/issues/836))
* [`f3c892c`](anthropics/claude-code-action@f3c892c) chore: bump Claude Code to 2.1.11 and Agent SDK to 0.2.11
* [`6e896a0`](anthropics/claude-code-action@6e896a0) fix: ensure SSH signing key has trailing newline ([#834](https://redirect.github.com/anthropics/claude-code-action/issues/834))
* [`a017b83`](anthropics/claude-code-action@a017b83) chore: comment out release-base-action job in release workflow ([#833](https://redirect.github.com/anthropics/claude-code-action/issues/833))
* [`75f52e5`](anthropics/claude-code-action@75f52e5) chore: bump Claude Code to 2.1.9 and Agent SDK to 0.2.9
* [`1bbc9e7`](anthropics/claude-code-action@1bbc9e7) fix: add checkHumanActor to agent mode ([#826](https://redirect.github.com/anthropics/claude-code-action/issues/826))
* [`625ea15`](anthropics/claude-code-action@625ea15) docs: clarify that Claude does not auto-create PRs by default ([#824](https://redirect.github.com/anthropics/claude-code-action/issues/824))
* Additional commits viewable in [compare view](anthropics/claude-code-action@1b8ee3b...2316a9a)
  
Updates `peter-evans/create-pull-request` from 8.0.0 to 8.1.0
Release notes

*Sourced from [peter-evans/create-pull-request's releases](https://github.com/peter-evans/create-pull-request/releases).*

> Create Pull Request v8.1.0
> --------------------------
>
> What's Changed
> --------------
>
> * README.md: bump given GitHub actions to their latest versions by [`@​deining`](https://github.com/deining) in [peter-evans/create-pull-request#4265](https://redirect.github.com/peter-evans/create-pull-request/pull/4265)
> * build(deps): bump the github-actions group with 2 updates by [`@​dependabot`](https://github.com/dependabot)[bot] in [peter-evans/create-pull-request#4273](https://redirect.github.com/peter-evans/create-pull-request/pull/4273)
> * build(deps-dev): bump the npm group with 2 updates by [`@​dependabot`](https://github.com/dependabot)[bot] in [peter-evans/create-pull-request#4274](https://redirect.github.com/peter-evans/create-pull-request/pull/4274)
> * build(deps-dev): bump undici from 6.22.0 to 6.23.0 by [`@​dependabot`](https://github.com/dependabot)[bot] in [peter-evans/create-pull-request#4284](https://redirect.github.com/peter-evans/create-pull-request/pull/4284)
> * Update distribution by [`@​actions-bot`](https://github.com/actions-bot) in [peter-evans/create-pull-request#4289](https://redirect.github.com/peter-evans/create-pull-request/pull/4289)
> * fix: Handle remote prune failures gracefully on self-hosted runners by [`@​peter-evans`](https://github.com/peter-evans) in [peter-evans/create-pull-request#4295](https://redirect.github.com/peter-evans/create-pull-request/pull/4295)
> * feat: add `@​octokit/plugin-retry` to handle retriable server errors by [`@​peter-evans`](https://github.com/peter-evans) in [peter-evans/create-pull-request#4298](https://redirect.github.com/peter-evans/create-pull-request/pull/4298)
>
> New Contributors
> ----------------
>
> * [`@​deining`](https://github.com/deining) made their first contribution in [peter-evans/create-pull-request#4265](https://redirect.github.com/peter-evans/create-pull-request/pull/4265)
>
> **Full Changelog**: <peter-evans/create-pull-request@v8.0.0...v8.1.0>


Commits

* [`c0f553f`](peter-evans/create-pull-request@c0f553f) feat: add `@​octokit/plugin-retry` to handle retriable server errors ([#4298](https://redirect.github.com/peter-evans/create-pull-request/issues/4298))
* [`7000124`](peter-evans/create-pull-request@7000124) fix: Handle remote prune failures gracefully ([#4295](https://redirect.github.com/peter-evans/create-pull-request/issues/4295))
* [`34aa40e`](peter-evans/create-pull-request@34aa40e) build: update distribution ([#4289](https://redirect.github.com/peter-evans/create-pull-request/issues/4289))
* [`641099d`](peter-evans/create-pull-request@641099d) build(deps-dev): bump undici from 6.22.0 to 6.23.0 ([#4284](https://redirect.github.com/peter-evans/create-pull-request/issues/4284))
* [`2271f1d`](peter-evans/create-pull-request@2271f1d) build(deps-dev): bump the npm group with 2 updates ([#4274](https://redirect.github.com/peter-evans/create-pull-request/issues/4274))
* [`437c31a`](peter-evans/create-pull-request@437c31a) build(deps): bump the github-actions group with 2 updates ([#4273](https://redirect.github.com/peter-evans/create-pull-request/issues/4273))
* [`0979079`](peter-evans/create-pull-request@0979079) docs: update readme
* [`5b751cd`](peter-evans/create-pull-request@5b751cd) README.md: bump given GitHub actions to their latest versions ([#4265](https://redirect.github.com/peter-evans/create-pull-request/issues/4265))
* See full diff in [compare view](peter-evans/create-pull-request@98357b1...c0f553f)
  
Updates `ruby/setup-ruby` from 1.283.0 to 1.286.0
Release notes

*Sourced from [ruby/setup-ruby's releases](https://github.com/ruby/setup-ruby/releases).*

> v1.286.0
> --------
>
> What's Changed
> --------------
>
> * Add truffleruby-33.0.1,truffleruby+graalvm-33.0.1 by [`@​ruby-builder-bot`](https://github.com/ruby-builder-bot) in [ruby/setup-ruby#864](https://redirect.github.com/ruby/setup-ruby/pull/864)
>
> **Full Changelog**: <ruby/setup-ruby@v1.285.0...v1.286.0>
>
> v1.285.0
> --------
>
> What's Changed
> --------------
>
> * Convert to String earlier in generate-windows-versions.rb by [`@​eregon`](https://github.com/eregon) in [ruby/setup-ruby#862](https://redirect.github.com/ruby/setup-ruby/pull/862)
> * Update all dependencies to latest by [`@​eregon`](https://github.com/eregon) in [ruby/setup-ruby#863](https://redirect.github.com/ruby/setup-ruby/pull/863)
>
> **Full Changelog**: <ruby/setup-ruby@v1.284.0...v1.285.0>
>
> v1.284.0
> --------
>
> What's Changed
> --------------
>
> * Fix compatibility to ruby-3.2 by [`@​larskanis`](https://github.com/larskanis) in [ruby/setup-ruby#861](https://redirect.github.com/ruby/setup-ruby/pull/861)
>
> **Full Changelog**: <ruby/setup-ruby@v1.283.0...v1.284.0>


Commits

* [`90be115`](ruby/setup-ruby@90be115) Add truffleruby-33.0.1,truffleruby+graalvm-33.0.1
* [`e69dcf3`](ruby/setup-ruby@e69dcf3) Update all dependencies to latest
* [`9f55308`](ruby/setup-ruby@9f55308) Convert to String earlier in generate-windows-versions.rb
* [`80740b3`](ruby/setup-ruby@80740b3) Add new RubyInstaller releases 4.0.1-1 and 3.2.10-1
* [`5fcbc91`](ruby/setup-ruby@5fcbc91) Fix compatibility to ruby-3.2
* See full diff in [compare view](ruby/setup-ruby@708024e...90be115)
  
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
  
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show  ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore  major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore  minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore  ` will remove the ignore condition of the specified dependency and ignore conditions
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@HarithaVattikuti HarithaVattikuti HarithaVattikuti approved these changes

@aparnajyothi-y aparnajyothi-y aparnajyothi-y approved these changes

@priya-kinthali priya-kinthali priya-kinthali approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@HarithaVattikuti @aparnajyothi-y @priya-kinthali