From 9fd13819f700940843cbb76ca529b79f67d8dd49 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 11 Feb 2025 10:21:23 +0000
Subject: [PATCH 1/3] Bump cython from 3.0.11 to 3.0.12 (#10450)

Bumps [cython](https://github.com/cython/cython) from 3.0.11 to 3.0.12.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/cython/cython/blob/master/CHANGES.rst">cython's
changelog</a>.</em></p>
<blockquote>
<h1>3.0.12 (2025-02-11)</h1>
<h2>Bugs fixed</h2>
<ul>
<li>
<p>Release 3.0.11 introduced some incorrect <code>noexcept</code>
warnings.
(Github issue :issue:<code>6335</code>)</p>
</li>
<li>
<p>Conditional assignments to variables using the walrus operator could
crash.
(Github issue :issue:<code>6094</code>)</p>
</li>
<li>
<p>Dict assignments to struct members with reserved C names could
generate invalid C code.</p>
</li>
<li>
<p>Fused ctuples with the same entry types but different sizes could
fail to compile.
(Github issue :issue:<code>6328</code>)</p>
</li>
<li>
<p>In Py3, <code>pyximport</code> was not searching
<code>sys.path</code> when looking for importable source files.
(Github issue :issue:<code>5615</code>)</p>
</li>
<li>
<p>Using <code>&amp; 0</code> on integers produced with
<code>int.from_bytes()</code> could read invalid memory on Python 3.10.
(Github issue :issue:<code>6480</code>)</p>
</li>
<li>
<p>Modules could fail to compile in PyPy 3.11 due to missing CPython
specific header files.
Patch by Matti Picus.  (Github issue :issue:<code>6482</code>)</p>
</li>
<li>
<p>Minor fix in C++ <code>partial_sum()</code> declaration.</p>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/cython/cython/commit/c7dae70222b36f52945e9723acf72d2bd698b08d"><code>c7dae70</code></a>
Fix release date.</li>
<li><a
href="https://github.com/cython/cython/commit/b161c725492a91968a84f3bb7a43d8783706617f"><code>b161c72</code></a>
Prepare release of 3.0.12.</li>
<li><a
href="https://github.com/cython/cython/commit/45c98258971884c6f82aa9944076cc52d11f6a5b"><code>45c9825</code></a>
Update changelog.</li>
<li><a
href="https://github.com/cython/cython/commit/b9a5b7002b78d5be327ea62e1e128e8e393841c4"><code>b9a5b70</code></a>
Exclude failing CI target macos-13/Py2.7.</li>
<li><a
href="https://github.com/cython/cython/commit/07d7cc1ff148ad1ab552a1a2cbcf9ffa6011c5b8"><code>07d7cc1</code></a>
Fix spelling errors</li>
<li><a
href="https://github.com/cython/cython/commit/0824349cf41759d6c837855ecac4d23dfbc495c6"><code>0824349</code></a>
Fix test in Py2.7.</li>
<li><a
href="https://github.com/cython/cython/commit/20ebc99beeac5d8b00cc1c8ad77f69b9c617cdc4"><code>20ebc99</code></a>
Fix test in Py2.7.</li>
<li><a
href="https://github.com/cython/cython/commit/20f6e4f3408f6d190f180eb0a82e1d36265d9f6c"><code>20f6e4f</code></a>
Do not include CPython 'internal/*.h' files in PyPy (<a
href="https://redirect.github.com/cython/cython/issues/6482">GH-6482</a>)</li>
<li><a
href="https://github.com/cython/cython/commit/023738288cd210b64b52250e80078eaef028a035"><code>0237382</code></a>
Fix libcpp partial_sum definition</li>
<li><a
href="https://github.com/cython/cython/commit/852286242ee46cc16f0a6efef7eb40a5ab3c57d5"><code>8522862</code></a>
Backport ufunc Numpy2 fix</li>
<li>Additional commits viewable in <a
href="https://github.com/cython/cython/compare/3.0.11...3.0.12">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cython&package-manager=pip&previous-version=3.0.11&new-version=3.0.12)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 requirements/constraints.txt | 2 +-
 requirements/cython.txt      | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements/constraints.txt b/requirements/constraints.txt
index ae5bec01a87..d9b2473c6a8 100644
--- a/requirements/constraints.txt
+++ b/requirements/constraints.txt
@@ -56,7 +56,7 @@ cryptography==44.0.0
     # via
     #   pyjwt
     #   trustme
-cython==3.0.11
+cython==3.0.12
     # via -r requirements/cython.in
 distlib==0.3.9
     # via virtualenv
diff --git a/requirements/cython.txt b/requirements/cython.txt
index 7e392bddf91..b34cde941f8 100644
--- a/requirements/cython.txt
+++ b/requirements/cython.txt
@@ -4,7 +4,7 @@
 #
 #    pip-compile --allow-unsafe --output-file=requirements/cython.txt --resolver=backtracking --strip-extras requirements/cython.in
 #
-cython==3.0.11
+cython==3.0.12
     # via -r requirements/cython.in
 multidict==6.1.0
     # via -r requirements/multidict.in

From 551dc29b98c0dd044878cff35d7fac3f89ef9eed Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 11 Feb 2025 10:35:16 +0000
Subject: [PATCH 2/3] Bump pip from 25.0 to 25.0.1 (#10438)

Bumps [pip](https://github.com/pypa/pip) from 25.0 to 25.0.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's
changelog</a>.</em></p>
<blockquote>
<h1>25.0.1 (2025-02-09)</h1>
<h2>Bug Fixes</h2>
<ul>
<li>Fix an unsupported type annotation on Python 3.10 and earlier.
(<code>[#13181](https://github.com/pypa/pip/issues/13181)
&lt;https://github.com/pypa/pip/issues/13181&gt;</code>_)</li>
<li>Fix a regression where truststore would never be used while
installing build dependencies.
(<code>[#13186](https://github.com/pypa/pip/issues/13186)
&lt;https://github.com/pypa/pip/issues/13186&gt;</code>_)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/pip/commit/bc7c88cb3de9c9af769c51517833ea48bbe70d9a"><code>bc7c88c</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/ebd0a52e123af8f89b0f3e8e18627653f4c83bfe"><code>ebd0a52</code></a>
Don't pass --cert to build subprocesses unless also given on CLI</li>
<li><a
href="https://github.com/pypa/pip/commit/aea86290d9b12ddbd2cb63f16c35d3e22f822bce"><code>aea8629</code></a>
Fix locate_file() type hints for older Pythons</li>
<li><a
href="https://github.com/pypa/pip/commit/e612988a6155466a8da620b237639bc2682ecb68"><code>e612988</code></a>
Add build-project.py compatibility note</li>
<li><a
href="https://github.com/pypa/pip/commit/202344eed3009a2546052b1885bdbcaee8295620"><code>202344e</code></a>
Update the release process docs</li>
<li><a
href="https://github.com/pypa/pip/commit/dc696c28332ade10cfe7ce95bda7d6c2868f2083"><code>dc696c2</code></a>
Patch out EXTERNALLY-MANAGED for self-check tests (<a
href="https://redirect.github.com/pypa/pip/issues/13179">#13179</a>)</li>
<li>See full diff in <a
href="https://github.com/pypa/pip/compare/25.0...25.0.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=25.0&new-version=25.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 requirements/constraints.txt | 2 +-
 requirements/dev.txt         | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements/constraints.txt b/requirements/constraints.txt
index d9b2473c6a8..a124c0c0038 100644
--- a/requirements/constraints.txt
+++ b/requirements/constraints.txt
@@ -276,7 +276,7 @@ yarl==1.18.3
     # via -r requirements/runtime-deps.in
 
 # The following packages are considered to be unsafe in a requirements file:
-pip==25.0
+pip==25.0.1
     # via pip-tools
 setuptools==75.8.0
     # via
diff --git a/requirements/dev.txt b/requirements/dev.txt
index 205f36ac549..b8133c73c46 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -267,7 +267,7 @@ yarl==1.18.3
     # via -r requirements/runtime-deps.in
 
 # The following packages are considered to be unsafe in a requirements file:
-pip==25.0
+pip==25.0.1
     # via pip-tools
 setuptools==75.8.0
     # via

From 2e9c643d198ad8d202d5661b9d32527221c89e8f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 11 Feb 2025 10:40:37 +0000
Subject: [PATCH 3/3] Bump virtualenv from 20.29.1 to 20.29.2 (#10451)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps [virtualenv](https://github.com/pypa/virtualenv) from 20.29.1 to
20.29.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/virtualenv/releases">virtualenv's
releases</a>.</em></p>
<blockquote>
<h2>20.29.2</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<ul>
<li>release 20.29.1 by <a
href="https://github.com/gaborbernat"><code>@​gaborbernat</code></a> in
<a
href="https://redirect.github.com/pypa/virtualenv/pull/2828">pypa/virtualenv#2828</a></li>
<li>Remove old virtualenv wheel by <a
href="https://github.com/gaborbernat"><code>@​gaborbernat</code></a> in
<a
href="https://redirect.github.com/pypa/virtualenv/pull/2842">pypa/virtualenv#2842</a></li>
<li>Bump pip to 25.0.1 by <a
href="https://github.com/gaborbernat"><code>@​gaborbernat</code></a> in
<a
href="https://redirect.github.com/pypa/virtualenv/pull/2843">pypa/virtualenv#2843</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/pypa/virtualenv/compare/20.29.1...20.29.2">https://github.com/pypa/virtualenv/compare/20.29.1...20.29.2</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst">virtualenv's
changelog</a>.</em></p>
<blockquote>
<h2>v20.29.2 (2025-02-10)</h2>
<p>Bugfixes - 20.29.2</p>
<pre><code>- Remove old virtualenv wheel from the source distribution -
by :user:`gaborbernat`. (:issue:`2841`)
- Upgrade embedded wheel pip to ``25.0.1`` from ``24.3.1`` - by
:user:`gaborbernat`. (:issue:`2843`)
</code></pre>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/virtualenv/commit/ca670cda6430254ff474100e770dabe5b4f439de"><code>ca670cd</code></a>
release 20.29.2</li>
<li><a
href="https://github.com/pypa/virtualenv/commit/a2d2c3e48af745764f5194d024480d7128533617"><code>a2d2c3e</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/virtualenv/issues/2843">#2843</a>
from gaborbernat/bump-2-10</li>
<li><a
href="https://github.com/pypa/virtualenv/commit/6203457b6d704ac88b0814b58465c53d5a6f141b"><code>6203457</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/virtualenv/issues/2842">#2842</a>
from gaborbernat/remove-whl</li>
<li><a
href="https://github.com/pypa/virtualenv/commit/d8a68e6632646598bcec188a1e8c6f6f0d342786"><code>d8a68e6</code></a>
Bump pip to 25.0.1</li>
<li><a
href="https://github.com/pypa/virtualenv/commit/7b8fde41f54b217284ce599afa3e0b1a1e6353a7"><code>7b8fde4</code></a>
Remove old virtualenv wheel</li>
<li><a
href="https://github.com/pypa/virtualenv/commit/cb02b4f6ad3fa6e934c4162f343f073d8cbb36a1"><code>cb02b4f</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/virtualenv/issues/2837">#2837</a>
from pypa/pre-commit-ci-update-config</li>
<li><a
href="https://github.com/pypa/virtualenv/commit/8332db87ecfd4fb97caa75f0c771356011dfacaa"><code>8332db8</code></a>
[pre-commit.ci] pre-commit autoupdate</li>
<li><a
href="https://github.com/pypa/virtualenv/commit/192cef7a84f2e1d167ebede7083bb819123d41ff"><code>192cef7</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/pypa/virtualenv/issues/2833">#2833</a>)</li>
<li><a
href="https://github.com/pypa/virtualenv/commit/a6a5c45b0c9da5a8823c03fd57e47e5a3773a081"><code>a6a5c45</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/pypa/virtualenv/issues/2830">#2830</a>)</li>
<li><a
href="https://github.com/pypa/virtualenv/commit/d409f6a030c54783482aea12b45e609d1a0e1880"><code>d409f6a</code></a>
release 20.29.1 (<a
href="https://redirect.github.com/pypa/virtualenv/issues/2828">#2828</a>)</li>
<li>See full diff in <a
href="https://github.com/pypa/virtualenv/compare/20.29.1...20.29.2">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=virtualenv&package-manager=pip&previous-version=20.29.1&new-version=20.29.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 requirements/constraints.txt | 2 +-
 requirements/dev.txt         | 2 +-
 requirements/lint.txt        | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/requirements/constraints.txt b/requirements/constraints.txt
index a124c0c0038..fe70c9ad1eb 100644
--- a/requirements/constraints.txt
+++ b/requirements/constraints.txt
@@ -266,7 +266,7 @@ uvloop==0.21.0 ; platform_system != "Windows"
     #   -r requirements/lint.in
 valkey==6.0.2
     # via -r requirements/lint.in
-virtualenv==20.29.1
+virtualenv==20.29.2
     # via pre-commit
 wait-for-it==2.3.0
     # via -r requirements/test.in
diff --git a/requirements/dev.txt b/requirements/dev.txt
index b8133c73c46..5ed89f894b1 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -257,7 +257,7 @@ uvloop==0.21.0 ; platform_system != "Windows" and implementation_name == "cpytho
     #   -r requirements/lint.in
 valkey==6.0.2
     # via -r requirements/lint.in
-virtualenv==20.29.1
+virtualenv==20.29.2
     # via pre-commit
 wait-for-it==2.3.0
     # via -r requirements/test.in
diff --git a/requirements/lint.txt b/requirements/lint.txt
index 3aac5714313..af13cdbae32 100644
--- a/requirements/lint.txt
+++ b/requirements/lint.txt
@@ -104,5 +104,5 @@ uvloop==0.21.0 ; platform_system != "Windows"
     # via -r requirements/lint.in
 valkey==6.0.2
     # via -r requirements/lint.in
-virtualenv==20.29.1
+virtualenv==20.29.2
     # via pre-commit