Bump pymdown-extensions from 10.14.3 to 10.16.1 in /python #6825
Conversation
Bumps [pymdown-extensions](https://github.com/facelessuser/pymdown-extensions) from 10.14.3 to 10.16.1. - [Release notes](https://github.com/facelessuser/pymdown-extensions/releases) - [Commits](facelessuser/pymdown-extensions@10.14.3...10.16.1) --- updated-dependencies: - dependency-name: pymdown-extensions dependency-version: 10.16.1 dependency-type: direct:development ... Signed-off-by: dependabot[bot] <[email protected]>
dependabot
bot
added
dependencies
mbollmann
left a comment
mbollmann
left a comment
There was a problem hiding this comment.
I would probably prefer to bump this manually (and on python-dev first) rather than rely on these dependabot PRs.
| @@ -1,4 +1,4 @@ | |||
| # This file is automatically @generated by Poetry 2.1.1 and should not be changed by hand. | |||
| # This file is automatically @generated by Poetry 2.2.1 and should not be changed by hand. | |||
There was a problem hiding this comment.
What I don't like about these dependabot PRs is that they often contain spurious changes like this one. Not really sure what to think about this.
There was a problem hiding this comment.
I generally just assume that this is part of keeping on top of things, and from that perspective appreciate not having to do it manually. In an extreme case, consider a while back when our Hugo version was suddenly way too old. Better to amortize it a bit at a time, so long as it passes our tests.
There was a problem hiding this comment.
Yeah, and maybe I shouldn’t worry too much about the Poetry lock file since it’s automatically generated anyway so the contents aren’t really meant to be analyzed manually. I don’t know, would be good for me to figure out best practices here some time.
| python-versions = ">=3.8" | ||
| groups = ["dev"] | ||
| markers = "python_full_version <= \"3.11.0a6\"" | ||
| markers = "python_version == \"3.10\"" |
There was a problem hiding this comment.
Another spurious change that seems to have nothing to do with bumping pymdown-extensions
There was a problem hiding this comment.
Possibly those this represents current best practices?
| lock-version = "2.1" | ||
| python-versions = ">=3.10, !=3.11.0, <3.14" | ||
| content-hash = "fd532227f8093a084d9e122e006454d460046ae84dafd7919bc8cdf57542c3a2" | ||
| content-hash = "707b0655df4796bd54c0105a3fae47aef94e96de30c1bc8bff3d1976a97550df" |
There was a problem hiding this comment.
Another spurious change that seems to have nothing to do with bumping pymdown-extensions
mbollmann
left a comment
mbollmann
left a comment
There was a problem hiding this comment.
Yeah, I think I’d lean towards not merging this and instead bumping this "properly" on python-dev first.
Sounds good. |
Bumps pymdown-extensions from 10.14.3 to 10.16.1.
Release notes
Sourced from pymdown-extensions's releases.
Commits
b50d15aCaption pattern should match a literal dot (#2717)f64422fUpdate copyright9edb926Use Trusted Publisher7d3d4f9Add early support for Python 3.14 (#2697)beb841eDocs: Update JS deps620d7fdDocs: update JS depsa49f32aRefactor for mypy issue52a481bDocs: update JS dependencies2a1828aAllow raw HTML in caption prefix (#2679)fbf4bf2Fix issue where manual captions in auto were not respected properly (#2678)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.