Skip to content

chore(deps): bump packaging from 26.0 to 26.2#8971

Merged
roger-zhangg merged 2 commits into
developfrom
dependabot/pip/develop/packaging-26.2
May 13, 2026
Merged

chore(deps): bump packaging from 26.0 to 26.2#8971
roger-zhangg merged 2 commits into
developfrom
dependabot/pip/develop/packaging-26.2

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 12, 2026

Bumps packaging from 26.0 to 26.2.

Release notes

Sourced from packaging's releases.

26.2

What's Changed

Fixes:

Documentation:

Internal:

New Contributors

Full Changelog: pypa/packaging@26.1...26.2

26.1

Features:

Behavior adaptations:

... (truncated)

Changelog

Sourced from packaging's changelog.

26.2 - 2026-04-24


Fixes:

    

  • Fix incorrect sysconfig var name for pyemscripten in (:pull:1160)
    • 

  • Make Version, Specifier, SpecifierSet, Tag, Marker, and Requirement pickle-safe
    
and backward-compatible with pickles created in 25.0-26.1 (including references to the removed
    
packaging._structures module) (:pull:1163, :pull:1168, :pull:1170, :pull:1171)
    • 

  • Re-export ExceptionGroup in metadata for now in (:pull:1164)
    • 



Documentation:


    

  • Add errors section and fix missing details in (:pull:1159)
    • 

  • Document our property-based test suite in (:pull:1167)
    • 

  • Fix a DirectUrl typo in (:pull:1169)
    • 

  • Add example of is_unsatisfiable in (:pull:1166)
    • 



Internal:


    

  • Enable the auditor persona on zizmor in (:pull:1158)
    • 

  • Test new pickle guarantees in (:pull:1174)
    • 

  • Use new native ReadTheDocs uv integration in (:pull:1175)
    • 



26.1 - 2026-04-14

Features:

  • PEP 783: add handling for Emscripten wheel tags in (:pull:804) (old name used in implementation, fixed in next release)
  • PEP 803: add handling for the abi3.abi3t free-threading tag in (:pull:1099)
  • PEP 723: add packaging.dependency_groups module, based on the dependency-groups package in (:pull:1065)
  • Add the packaging.direct_url module in (:pull:944)
  • Add the packaging.errors module in (:pull:1071)
  • Add SpecifierSet.is_unsatisfiable using ranges (new internals that will be expanded in future versions) in (:pull:1119)
  • Add create_compatible_tags_selector to select compatible tags in (:pull:1110)
  • Add a key argument to SpecifierSet.filter() in (:pull:1068)
  • Support & and | for Marker's in (:pull:1146)
  • Normalize Version.__replace__ and add Version.from_parts in (:pull:1078)
  • Add an option to validate compressed tag set sort order in parse_wheel_filename in (:pull:1150)

Behavior adaptations:

  • Narrow exclusion of pre-releases for <V.postN to match spec in (:pull:1140)
  • Narrow exclusion of post-releases for >V to match spec in (:pull:1141)
  • Rename format_full_version to _format_full_version to make it visibly private in (:pull:1125)
  • Restrict local version to ASCII in (:pull:1102)

Pylock (PEP 751) updates:

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps): bump packaging from 26.0 to 26.2
4c2f6e9 
Bumps [packaging](https://github.com/pypa/packaging) from 26.0 to 26.2.
- [Release notes](https://github.com/pypa/packaging/releases)
- [Changelog](https://github.com/pypa/packaging/blob/main/CHANGELOG.rst)
- [Commits](pypa/packaging@26.0...26.2)

---
updated-dependencies:
- dependency-name: packaging
  dependency-version: '26.2'
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels May 12, 2026
@dependabot dependabot Bot requested a review from a team as a code owner May 12, 2026 23:07
@dependabot dependabot Bot added python Pull requests that update Python code dependencies Pull requests that update a dependency file labels May 12, 2026
aws-sam-cli-bot
aws-sam-cli-bot reviewed May 12, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@aws-sam-cli-bot aws-sam-cli-bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review Results

Reviewed: 9f13e3d..4c2f6e9
Files: 4
Comments: 1

Comments on lines outside the diff:

[requirements/reproducible-linux.txt:81] [GENERAL] The PR title states bump packaging from 26.0 to 26.2, but the diff contains substantive changes beyond the packaging bump that are not mentioned in the description:

  • binaryornot is downgraded from 0.6.0 to 0.4.4 (also applied in reproducible-mac.txt:81 and reproducible-win.txt:81).
  • chardet==5.2.0 is added as a new transitive dependency in all three lock files.
  • installer/pyinstaller/hook-samcli.py drops the hooks.collect_all("binaryornot", ...) entry and its explanatory comment.

These changes are internally consistent (binaryornot 0.4.4 does not use the binaryornot.data / importlib.resources.files() pattern that required the PyInstaller hook, and chardet is pulled in because 0.4.4 depends on it), but they are functionally a downgrade of a transitive dependency across ~7 years of releases (0.4.4 shipped in 2017, 0.6.0 in 2024), not a version bump. A silent regression like this is easy to miss for reviewers scanning only the title/description, and it will be misrepresented in any changelog derived from the PR metadata.

Two concrete concerns:

  1. The PR title/description should be updated to call out the binaryornot downgrade and the reason for it (presumably to avoid the PyInstaller importlib.resources.files() collection issue referenced in the removed comment), or the non-packaging changes should be split into a separate PR so each change is reviewed on its own merits.
  2. If the binaryornot downgrade is intentional as a PyInstaller workaround, consider whether keeping binaryornot at 0.6.0 with the existing collect_all hook is preferable to regressing the library itself — the current hook entry already solved that problem, so the rationale for dropping it alongside the downgrade is worth making explicit in the PR description.

@roger-zhangg roger-zhangg enabled auto-merge May 12, 2026 23:53
vicheey
vicheey approved these changes May 13, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@vicheey vicheey left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved: dependabot dependency update.

@roger-zhangg roger-zhangg added this pull request to the merge queue May 13, 2026
Merged via the queue into develop with commit baf0e10 May 13, 2026
55 checks passed
@dependabot dependabot Bot deleted the dependabot/pip/develop/packaging-26.2 branch May 13, 2026 01:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@aws-sam-cli-bot aws-sam-cli-bot aws-sam-cli-bot left review comments

@roger-zhangg roger-zhangg roger-zhangg approved these changes

@vicheey vicheey vicheey approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file pr/internal python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@roger-zhangg @aws-sam-cli-bot @vicheey