Bump the all-dependencies group in /api with 17 updates

[dependabot]

Bumps the all-dependencies group in /api with 17 updates:

Package	From	To
boto3	1.42.39	1.42.59
botocore	1.42.39	1.42.59
certifi	2026.1.4	2026.2.25
flask	3.1.2	3.1.3
greenlet	3.3.1	3.3.2
pydantic-core	2.41.5	2.42.0
sqlalchemy	2.0.46	2.0.47
werkzeug	3.1.5	3.1.6
pip	26.0	26.0.1
pip-tools	7.5.2	7.5.3
cachetools	6.2.6	7.0.1
chardet	5.2.0	6.0.0.post1
coverage	7.13.2	7.13.4
filelock	3.20.3	3.25.0
platformdirs	4.5.1	4.9.2
tox	4.34.1	4.47.0
virtualenv	20.36.1	21.1.0

Updates boto3 from 1.42.39 to 1.42.59

Commits

• cef3033 Merge branch 'release-1.42.59'
• 463794a Bumping version to 1.42.59
• 591d881 Add changelog entries from botocore
• d327a89 Merge branch 'release-1.42.58'
• 8727558 Merge branch 'release-1.42.58' into develop
• 14eee00 Bumping version to 1.42.58
• dbe54fa Add changelog entries from botocore
• 1536571 Merge branch 'release-1.42.57'
• 8108f80 Merge branch 'release-1.42.57' into develop
• 20eb2f4 Bumping version to 1.42.57
• Additional commits viewable in compare view

Updates botocore from 1.42.39 to 1.42.59

Commits

• c204bb1 Merge branch 'release-1.42.59'
• 7e59865 Bumping version to 1.42.59
• b38a03c Update to latest models
• 97336ff Merge customizations for ARC Region switch
• f76046b Merge branch 'release-1.42.58'
• be2689a Merge branch 'release-1.42.58' into develop
• 47f8789 Bumping version to 1.42.58
• 14bc74f Update to latest models
• 8c0427a Add support for None values in list parsing (#3618)
• 86d9ec3 Merge branch 'release-1.42.57'
• Additional commits viewable in compare view

Updates certifi from 2026.1.4 to 2026.2.25

Commits

• 8571a4b 2026.02.25 (#395)
• 6f7de00 Bump peter-evans/create-pull-request from 8.0.0 to 8.1.0 (#390)
• a1de59b Bump actions/checkout from 6.0.1 to 6.0.2 (#391)
• 7f5ade5 Bump actions/setup-python from 6.1.0 to 6.2.0 (#392)
• See full diff in compare view

Updates flask from 3.1.2 to 3.1.3

Release notes

Sourced from flask's releases.

3.1.3

This is the Flask 3.1.3 security fix release, which fixes a security issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Flask/3.1.3/ Changes: https://flask.palletsprojects.com/page/changes/#version-3-1-3

• The session is marked as accessed for operations that only access the keys but not the values, such as in and len. GHSA-68rp-wp8r-4726

Changelog

Sourced from flask's changelog.

Version 3.1.3

Released 2026-02-18

• The session is marked as accessed for operations that only access the keys but not the values, such as in and len. :ghsa:68rp-wp8r-4726

Commits

• 22d9247 release version 3.1.3
• 089cb86 Merge commit from fork
• c17f379 request context tracks session access
• 27be933 start version 3.1.3
• 4e652d3 Abort if the instance folder cannot be created (#5903)
• 3d03098 Abort if the instance folder cannot be created
• 407eb76 document using gevent for async (#5900)
• ac5664d document using gevent for async
• 4f79d5b Increase required flit_core version to 3.11 (#5865)
• fe3b215 Increase required flit_core version to 3.11
• Additional commits viewable in compare view

Updates greenlet from 3.3.1 to 3.3.2

Changelog

Sourced from greenlet's changelog.

3.3.2 (2026-02-20)

• Fix a crash on Python 3.10 if there are active greenlets during interpreter shutdown. See PR 495 <https://github.com/python-greenlet/greenlet/pull/495>_ by Nicolas Bouvrette.

Commits

• a62f331 Preparing release 3.3.2
• c73a2c6 Pull in change note for 3.2.5
• 4eb47c8 test_untracked_memory_doesnt_increase_unfinished_thread_dealloc_in_main: A ch...
• 53ac405 Add change note for #495
• d5b8515 Merge pull request #495 from nbouvrette/fix/safe-finalization-py310
• e0625d7 Merge pull request #494 from daniel7an/fix/issue-492-spdx-license
• 292e126 Fix SIGSEGV/SIGABRT during interpreter shutdown on Python < 3.11
• 77e65f0 Fix SPDX license identifier: Python-2.0 → PSF-2.0
• d4606ef leak tests: do a better job skipping if uss isn't available. Fixes #485
• 74a11b8 Back to development: 3.3.2
• See full diff in compare view

Updates pydantic-core from 2.41.5 to 2.42.0

Commits

• See full diff in compare view

Updates sqlalchemy from 2.0.46 to 2.0.47

Release notes

Sourced from sqlalchemy's releases.

2.0.47

Released: February 24, 2026

orm

• [orm] [bug] Fixed issue when using ORM mappings with Python 3.14's PEP 649 feature that no longer requires "future annotations", where the ORM's introspection of the __init__ method of mapped classes would fail if non-present identifiers in annotations were present. The vendored getfullargspec() method has been amended to use Format.FORWARDREF under Python 3.14 to prevent resolution of names that aren't present.

  References: #13104

engine

• [engine] [usecase] The connection object returned by _engine.Engine.raw_connection() now supports the context manager protocol, automatically returning the connection to the pool when exiting the context.

  References: #13116

postgresql

• [postgresql] [bug] Fixed an issue in the PostgreSQL dialect where foreign key constraint reflection would incorrectly swap or fail to capture onupdate and ondelete values when these clauses appeared in a different order than expected in the constraint definition. This issue primarily affected PostgreSQL-compatible databases such as CockroachDB, which may return ON DELETE before ON UPDATE in the constraint definition string. The reflection logic now correctly parses both clauses regardless of their ordering.

  References: #13105

• [postgresql] [bug] Fixed issue in the engine_insertmanyvalues feature where using PostgreSQL's ON CONFLICT clause with _dml.Insert.returning.sort_by_parameter_order enabled would generate invalid SQL when the insert used an implicit sentinel (server-side autoincrement primary key). The generated SQL would incorrectly declare a sentinel counter column in the imp_sen table alias without providing corresponding values in the VALUES clause, leading to a ProgrammingError indicating column count mismatch. The fix allows batch execution mode when embed_values_counter is active, as the embedded counter provides the ordering capability needed even with upsert behaviors, rather than unnecessarily downgrading to row-at-a-time execution.

... (truncated)

Commits

• See full diff in compare view

Updates werkzeug from 3.1.5 to 3.1.6

Release notes

Sourced from werkzeug's releases.

3.1.6

This is the Werkzeug 3.1.6 security fix release, which fixes a security issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Werkzeug/3.1.6/ Changes: https://werkzeug.palletsprojects.com/page/changes/#version-3-1-6

• safe_join on Windows does not allow special devices names in multi-segment paths. GHSA-29vq-49wr-vm6x

Changelog

Sourced from werkzeug's changelog.

Version 3.1.6

Released 2026-02-19

• safe_join on Windows does not allow special devices names in multi-segment paths. :ghsa:29vq-49wr-vm6x

Commits

• 04da1b5 release version 3.1.6
• f407712 Merge commit from fork
• f54fe98 safe_join prevents Windows special device names in multi-segment paths
• d005985 start version 3.1.6
• 8565c2c document rule priority (#3102)
• 3febc7e document rule priority
• 2525b82 remove state machine docs
• 4abfbd5 rewrite build docstring (#3097)
• 161c18b rewrite build docstring
• 86e11c2 release version 3.1.5 (#3085)
• See full diff in compare view

Updates pip from 26.0 to 26.0.1

Changelog

Sourced from pip's changelog.

26.0.1 (2026-02-04)

Bug Fixes

• Fix --pre not being respected from the command line when a requirement file includes an option e.g. -extra-index-url. ([#13788](https://github.com/pypa/pip/issues/13788) <https://github.com/pypa/pip/issues/13788>_)

Commits

• 5fe4ea4 Bump for release
• bea3cbe windows fix tests
• ed22252 News Entry
• af13274 Match release control behavior to the same as format control behavior
• See full diff in compare view

Updates pip-tools from 7.5.2 to 7.5.3

Release notes

Sourced from pip-tools's releases.

v7.5.3

2026-02-11

Bug fixes

• The option --unsafe-package is now normalized -- by @​shifqu.

  PRs and issues: #2150

• Fixed a bug in which pip-compile lost any index URL options when looking up hashes -- by @​sirosen.

  This caused errors when a package was only available from an extra index, and caused pip-compile to incorrectly drop index URL options from output, even when they were present in the input requirements.

  PRs and issues: #2220, #2294, #2305

• Fixed removal of temporary files used when reading requirements from stdin -- by @​sirosen.

Features

• pip-tools is now tested against Python 3.14 and 3.14t in CI, and marks them as supported in the core packaging metadata -- by @​webknjaz.

  PRs and issues: #2255

• pip-tools is now compatible with pip 26.0 -- by @​sirosen.

  PRs and issues: #2319, #2320

Removals and backward incompatible breaking changes

• Removed support for Python 3.8 -- by @​sirosen.

Improved documentation

• The change log management infra now allows the maintainers to add notes before and after the regular categories -- by @​webknjaz.

  PRs and issues: #2287, #2322

• Added documentation clarifying that pip-compile reads the existing output file as a constraint source, and how to use --upgrade to refresh dependencies -- by @​maliktafheem.

  PRs and issues: #2307

... (truncated)

Changelog

Sourced from pip-tools's changelog.

v7.5.3

2026-02-09

Bug fixes

• The option --unsafe-package is now normalized -- by {user}shifqu.

  PRs and issues: {issue}2150

• Fixed a bug in which pip-compile lost any index URL options when looking up hashes -- by {user}sirosen.

  This caused errors when a package was only available from an extra index, and caused pip-compile to incorrectly drop index URL options from output, even when they were present in the input requirements.

  PRs and issues: {issue}2220, {issue}2294, {issue}2305

• Fixed removal of temporary files used when reading requirements from stdin -- by {user}sirosen.

Features

• pip-tools is now tested against Python 3.14 and 3.14t in CI, and marks them as supported in the core packaging metadata -- by {user}webknjaz.

  PRs and issues: {issue}2255

• pip-tools is now compatible with pip 26.0 -- by {user}sirosen.

  PRs and issues: {issue}2319, {issue}2320

Removals and backward incompatible breaking changes

• Removed support for Python 3.8 -- by {user}sirosen.

Improved documentation

• The change log management infra now allows the maintainers to add notes before and after the regular categories -- by {user}webknjaz.

  PRs and issues: {issue}2287, {issue}2322

• Added documentation clarifying that pip-compile reads the existing output file as a constraint source, and how to use --upgrade to refresh dependencies -- by {user}maliktafheem.

  PRs and issues: {issue}2307

... (truncated)

Commits

• 5f31d8a Merge pull request #2332 from sirosen/fix-release-version-normalization
• 106f1d6 Fix CI workflow to normalize versions (for release)
• 3a0f5ed Merge pull request #2329 from sirosen/release/v7.5.3
• e4bd31d Merge pull request #2328 from jazzband/pre-commit-ci-update-config
• 08107ab Update changelog for version 7.5.3
• 5b4d130 Merge pull request #2325 from sirosen/ensure-tmpfile-cleanup
• cc6a2b9 Apply feedback/suggestions from review
• fc53265 [pre-commit.ci] pre-commit autoupdate
• 6c27507 Add 'tempfile_compat' to handle windows tmp files
• 9ac94db Fix leak of temp files when reading from stdin
• Additional commits viewable in compare view

Updates cachetools from 6.2.6 to 7.0.1

Changelog

Sourced from cachetools's changelog.

v7.0.1 (2026-02-10)

• Various test improvements.

• Update Copilot Instructions.

v7.0.0 (2026-02-01)

• Require Python 3.10 or later (breaking change).

• Drop support for passing info as fourth positional parameter to @cached (breaking change).

• Drop support for cache(self) returning None with @cachedmethod (breaking change).

• Convert the @cachedmethod wrappers to descriptors, deprecating its use with class methods and instances that do not provide a mutable __dict__ attribute (potentially breaking change).

• Convert the previously undocumented @cachedmethod attributes (cache, cache_lock, etc.) to properties for instance methods, providing official support and documentation (potentially breaking change).

• Add an optional info parameter to the @cachedmethod decorator for reporting per-instance cache statistics. Note that this requires the instance's __dict__ attribute to be a mutable mapping.

Commits

• e5f8f01 Release v7.0.1.
• bd4e24d More test improvements.
• 67ae4fb Minor test corrections and cleanups.
• 8e73eae Update Copilot Instructions.
• 28bbcba Release v7.0.0.
• 45776b2 Minor code and documentation improvements.
• 51a70a9 Fix #357: Update documentation.
• bb72c21 Fix #357: Add cache_info() support for @​cachedmethod.
• 86352ae Fix #357: Convert @​cachedmethod decorators to descriptors.
• 263cf31 Prepare v7.0.0.
• Additional commits viewable in compare view

Updates chardet from 5.2.0 to 6.0.0.post1

Release notes

Sourced from chardet's releases.

6.0.0.post1

• Fixed version number in chardet/version.py still being set to 6.0.0dev0. Otherwise identical to 6.0.0.

6.0.0

Features

• Unified single-byte charset detection: Instead of only having trained language models for a handful of languages (Bulgarian, Greek, Hebrew, Hungarian, Russian, Thai, Turkish) and relying on special-case Latin1Prober and MacRomanProber heuristics for Western encodings, chardet now treats all single-byte charsets the same way: every encoding gets proper language-specific bigram models trained on CulturaX corpus data. This means chardet can now accurately detect both the encoding and the language for all supported single-byte encodings.
• 38 new languages: Arabic, Belarusian, Breton, Croatian, Czech, Danish, Dutch, English, Esperanto, Estonian, Farsi, Finnish, French, German, Icelandic, Indonesian, Irish, Italian, Kazakh, Latvian, Lithuanian, Macedonian, Malay, Maltese, Norwegian, Polish, Portuguese, Romanian, Scottish Gaelic, Serbian, Slovak, Slovene, Spanish, Swedish, Tajik, Ukrainian, Vietnamese, and Welsh. Existing models for Bulgarian, Greek, Hebrew, Hungarian, Russian, Thai, and Turkish were also retrained with the new pipeline.
• EncodingEra filtering: New encoding_era parameter to detect allows filtering by an EncodingEra flag enum (MODERN_WEB, LEGACY_ISO, LEGACY_MAC, LEGACY_REGIONAL, DOS, MAINFRAME, ALL) allows callers to restrict detection to encodings from a specific era. detect() and detect_all() default to MODERN_WEB. The new MODERN_WEB default should drastically improve accuracy for users who are not working with legacy data. The tiers are:
  • MODERN_WEB: UTF-8/16/32, Windows-125x, CP874, CJK multi-byte (widely used on the web)
  • LEGACY_ISO: ISO-8859-x, KOI8-R/U (legacy but well-known standards)
  • LEGACY_MAC: Mac-specific encodings (MacRoman, MacCyrillic, etc.)
  • LEGACY_REGIONAL: Uncommon regional/national encodings (KOI8-T, KZ1048, CP1006, etc.)
  • DOS: DOS/OEM code pages (CP437, CP850, CP866, etc.)
  • MAINFRAME: EBCDIC variants (CP037, CP500, etc.)
• --encoding-era CLI flag: The chardetect CLI now accepts -e/--encoding-era to control which encoding eras are considered during detection.
• max_bytes and chunk_size parameters: detect(), detect_all(), and UniversalDetector now accept max_bytes (default 200KB) and chunk_size (default 64KB) parameters for controlling how much data is examined. (#314, @​bysiber)
• Encoding era preference tie-breaking: When multiple encodings have very close confidence scores, the detector now prefers more modern/Unicode encodings over legacy ones.
• Charset metadata registry: New chardet.metadata.charsets module provides structured metadata about all supported encodings, including their era classification and language filter.
• should_rename_legacy now defaults intelligently: When set to None (the new default), legacy renaming is automatically enabled when encoding_era is MODERN_WEB.
• Direct GB18030 support: Replaced the redundant GB2312 prober with a proper GB18030 prober.
• EBCDIC detection: Added CP037 and CP500 EBCDIC model registrations for mainframe encoding detection.
• Binary file detection: Added basic binary file detection to abort analysis earlier on non-text files.
• Python 3.12, 3.13, and 3.14 support (#283, @​hugovk; #311)
• GitHub Codespace support (#312, @​oxygen-dioxide)

Fixes

• Fix CP949 state machine: Corrected the state machine for Korean CP949 encoding detection. (#268, @​nenw)
• Fix SJIS distribution analysis: Fixed SJISDistributionAnalysis discarding valid second-byte range >= 0x80. (#315, @​bysiber)
• Fix UTF-16/32 detection for non-ASCII-heavy text: Improved detection of UTF-16/32 encoded CJK and other non-ASCII text by adding a MIN_RATIO threshold alongside the existing EXPECTED_RATIO.
• Fix get_charset crash: Resolved a crash when looking up unknown charset names.
• Fix GB18030 char_len_table: Corrected the character length table for GB18030 multi-byte sequences.
• Fix UTF-8 state machine: Updated to be more spec-compliant.
• Fix detect_all() returning inactive probers: Results from probers that determined "definitely not this encoding" are now excluded.
• Fix early cutoff bug: Resolved an issue where detection could terminate prematurely.
• Default UTF-8 fallback: If UTF-8 has not been ruled out and nothing else is above the minimum threshold, UTF-8 is now returned as the default.

Breaking changes

• Dropped Python 3.7, 3.8, and 3.9 support: Now requires Python 3.10+. (#283, @​hugovk)
• Removed Latin1Prober and MacRomanProber: These special-case probers have been replaced by the unified model-based approach described above. Latin-1, MacRoman, and all other single-byte encodings are now detected by SingleByteCharSetProber with trained language models, giving better accuracy and language identification.
• Removed EUC-TW support: EUC-TW encoding detection has been removed as it is extremely rare in practice.
• LanguageFilter.NONE removed: Use specific language filters or LanguageFilter.ALL instead.
• Enum types changed: InputState, ProbingState, MachineState, SequenceLikelihood, and CharacterCategory are now IntEnum (previously plain classes or Enum). LanguageFilter values changed from hardcoded hex to auto().
• detect() default behavior change: detect() now defaults to encoding_era=EncodingEra.MODERN_WEB and should_rename_legacy=None (auto-enabled for MODERN_WEB), whereas previously it defaulted to considering all encodings with no legacy renaming.

Misc changes

• Switched from Poetry/setuptools to uv + hatchling: Build system modernized with hatch-vcs for version management.

... (truncated)

Commits

• 2fa72d8 Update version to 6.0.0.post1
• 8a4636b docs: modernize usage examples and reorganize table of contents
• 20da71e docs: fix copyright start year and remove first-person reference
• b45ae91 docs: update copyright to 2015-2026 chardet contributors
• 3f9910d Add .readthedocs.yaml to fix RTD builds
• 7ef7cd0 Fix pyright type errors in chardetect.py and test.py
• 4025dfa Update documentation for 6.0.0 release
• 1170829 Add LEGACY_REGIONAL encoding era and reclassify misplaced encodings
• 19379ac Add --encoding-era CLI flag and improve heuristic selection
• 61308e2 Pre-release fixes: bump to 6.0.0, fix get_charset crash, cleanup
• Additional commits viewable in compare view

Updates coverage from 7.13.2 to 7.13.4

Changelog

Sourced from coverage's changelog.

Version 7.13.4 — 2026-02-09

• Fix: the third-party code fix in 7.13.3 required examining the parent directories where coverage was run. In the unusual situation that one of the parent directories is unreadable, a PermissionError would occur, as described in issue 2129_. This is now fixed.

• Fix: in test suites that change sys.path, coverage.py could fail with "RuntimeError: Set changed size during iteration" as described and fixed in pull 2130_. Thanks, Noah Fatsi.

• We now publish ppc64le wheels, thanks to Pankhudi Jain <pull 2121_>_.

.. _pull 2121: coveragepy/coveragepy#2121 .. _issue 2129: coveragepy/coveragepy#2129 .. _pull 2130: coveragepy/coveragepy#2130

.. _changes_7-13-3:

Version 7.13.3 — 2026-02-03

• Fix: in some situations, third-party code was measured when it shouldn't have been, slowing down test execution. This happened with layered virtual environments such as uv sometimes makes. The problem is fixed, closing issue 2082_. Now any directory on sys.path that is inside a virtualenv is considered third-party code.

.. _issue 2082: coveragepy/coveragepy#2082

.. _changes_7-13-2:

Commits

• 4f78d57 build: no need to publish status.json
• f8616ff docs: sample HTML for 7.13.4
• fcf8c68 docs: prep for 7.13.4
• 189ecfd docs: thanks Pankhudi Jain for ppc64le wheels #2121
• 58aade0 build: add support for ppc64le architecture (#2121)
• 8ea42c8 chore: bump actions/attest-build-provenance (#2131)
• c09595f docs: Janine put a lot of effort into debugging issue #2128
• 8ee1760 docs: Greg wrote a great issue: #2129
• 76ba043 docs: thanks, Noah Fatsi
• 371fcc5 fix: set fixed paths_list in TreeMatcher init (#2130)
• Additional commits viewable in compare view

Updates filelock from 3.20.3 to 3.25.0

Release notes

Sourced from filelock's releases.

3.25.0

What's Changed

• Add permissions to check workflow by @​gaborbernat in tox-dev/filelock#500
• Move SECURITY.md to .github/SECURITY.md by @​gaborbernat in tox-dev/filelock#501
• Standardize .github files to .yaml suffix by @​gaborbernat in tox-dev/filelock#504
• ✨ feat(async): add AsyncReadWriteLock by @​gaborbernat in tox-dev/filelock#506

Full Changelog: tox-dev/filelock@3.24.4...3.25.0

3.24.4

What's Changed

• Suppress ValueError in _try_break_stale_lock for corrupted lock files by @​bysiber in tox-dev/filelock#496
• Fix ValueError in _acquire_transaction_lock when blocking=False with timeout by @​gaborbernat in tox-dev/filelock#498

New Contributors

• @​bysiber made their first contribution in tox-dev/filelock#496

Full Changelog: tox-dev/filelock@3.24.3...3.24.4

3.24.3

What's Changed

• 🐛 fix(ci): add trailing blank line after changelog entries by @​gaborbernat in tox-dev/filelock#492
• 🐛 fix(unix): handle ENOENT race on FUSE/NFS during acquire by @​gaborbernat in tox-dev/filelock#495

Full Changelog: tox-dev/filelock@3.24.2...3.24.3

3.24.2

What's Changed

• 📝 docs: restructure using Diataxis framework by @​gaborbernat in tox-dev/filelock#489
• 🐛 fix(test): resolve flaky write non-starvation test by @​gaborbernat in tox-dev/filelock#490
• 🐛 fix(rw): close sqlite3 cursors and skip SoftFileLock Windows race by @​gaborbernat in tox-dev/filelock#491

Full Changelog: tox-dev/filelock@3.24.1...3.24.2

3.24.1

What's Changed

• 🐛 fix(soft): resolve Windows deadlock and test race condition by @​gaborbernat in tox-dev/filelock#488

... (truncated)

Changelog

Sourced from filelock's changelog.

########### Changelog ###########

---

3.25.0 (2026-03-01)

---

• ✨ feat(async): add AsyncReadWriteLock :pr:506
• Standardize .github files to .yaml suffix
• build(deps): bump actions/download-artifact from 7 to 8 :pr:503 - by :user:dependabot[bot]
• build(deps): bump actions/upload-artifact from 6 to 7 :pr:502 - by :user:dependabot[bot]
• Move SECURITY.md to .github/SECURITY.md
• Add security policy
• Add permissions to check workflow :pr:500
• [pre-commit.ci] pre-commit autoupdate :pr:499 - by :user:pre-commit-ci[bot]

---

3.24.3 (2026-02-19)

---

• 🐛 fix(unix): handle ENOENT race on FUSE/NFS during acquire :pr:495
• 🐛 fix(ci): add trailing blank line after changelog entries :pr:492

---

3.24.2 (2026-02-16)

---

• 🐛 fix(rw): close sqlite3 cursors and skip SoftFileLock Windows race :pr:491
• 🐛 fix(test): resolve flaky write non-starvation test :pr:490
• 📝 docs: restructure using Diataxis framework :pr:489

---

3.24.1 (2026-02-15)

---

• 🐛 fix(soft): resolve Windows deadlock and test race condition :pr:488

---

3.24.0 (2026-02-14)

---

• ✨ feat(lock): add lifetime parameter for lock expiration (#68) :pr:486
• ✨ feat(lock): add cancel_check to acquire (#309) :pr:487
• 🐛 fix(api): detect same-thread self-deadlock :pr:481
• ✨ feat(mode): respect POSIX default ACLs (#378) :pr:483
• 🐛 fix(win): eliminate lock file race in threaded usage :pr:484
• ✨ feat(lock): add poll_interval to constructor :pr:482
• 🐛 fix(unix): auto-fallback to SoftFileLock on ENOSYS :pr:480

... (truncated)

Commits

• 7f195d9 Release 3.25.0
• df2754e ✨ feat(async): add AsyncReadWriteLock (#506)
• 8a359c5 Standardize .github files to .yaml suffix
• 9e7b33d build(deps): bump actions/download-artifact from 7 to 8 (#503)
• 5fe6836 build(deps): bump actions/upload-artifact from 6 to 7 (#502)
• af265f9 Move SECURITY.md to .github/SECURITY.md
• 67a5569 Add security policy
• 4b8c261 Add permissions to check workflow (#500)
• e749d66 [pre-commit.ci] pre-commit autoupdate (#499)
• 721b37b Fix ValueError in _acquire_transaction_lock when blocking=False with timeout ...
• Additional commits viewable in compare view

Updates platformdirs from 4.5.1 to 4.9.2

Release notes

Sourced from platformdirs's releases.

4.9.2

What's Changed

• 📝 docs(platforms): fix RST formatting and TOC hierarchy by @​gaborbernat in tox-dev/platformdirs#447
• 📝 docs: restructure following Diataxis framework by @​gaborbernat in tox-dev/platformdirs#448

Full Changelog: tox-dev/platformdirs@4.9.1...4.9.2

4.9.1

What's Changed

• 📝 docs: enhance README, fix issues, and reorganize platforms.rst by @​gaborbernat in tox-dev/platformdirs#445

Full Changelog: tox-dev/platformdirs@4.9.0...4.9.1

4.9.0

What's Changed

• 📝 docs(usage): add use_site_for_root and comprehensive guidance by @​gaborbernat in tox-dev/platformdirs#439
• 🐛 fix(unix): use correct runtime dir path for OpenBSD by @​gaborbernat in tox-dev/platformdirs#440
• ✨ feat(api): add site_applications_dir property by @​gaborbernat in tox-dev/platformdirs#442
• ✨ feat(api): add site_bin_dir property by @​gaborbernat in tox-dev/platformdirs#443
• 📚 docs: split usage guide into tutorial, how-to, and reference by @​gaborbernat in tox-dev/platformdirs#441

Full Changelog: tox-dev/platformdirs@4.8.0...4.9.0

4.8.0

What's Changed

• 📝 docs(windows): document Store Python sandbox path behavior by @​gaborbernat in tox-dev/platformdirs#423
• ✨ feat(api): add site_log_dir and document Store Python sandbox by @​gaborbernat in tox-dev/platformdirs#424
• ✨ feat(api): add site_state_dir for system-wide state by @​gaborbernat in tox-dev/platformdirs#425
• ✨ feat(api): add use_site_for_root parameter by @​gaborbernat in tox-dev/platformdirs#426
• ✨ feat(windows): add PLATFORMDIRS_* env var overrides by @​gaborbernat in tox-dev/platformdirs#427
• ✨ feat(windows): add WIN_PD_OVERRIDE_* env var overrides by @​gaborbernat in tox-dev/platformdirs#428
• 🐛 fix(macos): yield individual site dirs in iter_*_dirs by @​gaborbernat in tox-dev/platformdirs#429
• ✨ feat(api): add user_bin_dir property by @​gaborbernat in tox-dev/platformdirs#430
• ✨ feat(api): add user_applications_dir property by @​gaborbernat in tox-dev/platformdirs#432
• 📝 docs(usage): note that home dir is in stdlib by @​gaborbernat in tox-dev/platformdirs#431

Full Changelog: tox-dev/platformdirs@4.7.1...4.8.0

... (truncated)

Changelog

Sourced from platformdirs's changelog.

########### Changelog ###########

---

4.9.2 (2026-02-16)

---

• 📝 docs: restructure following Diataxis framework :pr:448
• 📝 docs(platforms): fix RST formatting and TOC hierarchy :pr:447

---

4.9.1 (2026-02-14)

---

• 📝 docs: enhance README, fix issues, and reorganize platforms.rst :pr:445

---

4.9.0 (2026-02-14)

---

• 📚 docs: split usage guide into tutorial, how-to, and reference :pr:441
• ✨ feat(api): add site_bin_dir property :pr:443
• ✨ feat(api): add site_applications_dir property :pr:442
• 🐛 fix(unix): use correct runtime dir path for OpenBSD :pr:440
• 📝 docs(usage): document use_site_for_root parameter :pr:439

---

4.8.0 (2026-02-14)

---

• 📝 docs(usage): note that home dir is in stdlib :pr:431
• ✨ feat(api): add user_applications_dir property :pr:432
• ✨ feat(api): add user_bin_dir property :pr:430
• 🐛 fix(macos): yield individual site dirs in iter_*_dirs :pr:429
• ✨ feat(windows): add WIN_PD_OVERRIDE_* env var overrides :pr:428
• ✨ feat(windows): add PLATFORMDIRS_* env var overrides :pr:427
• ✨ feat(api): add use_site_for_root parameter :pr:426
• ✨ feat(api): add site_state_dir for system-wide state :pr:425
• ✨ feat(api): add site_log_dir and document Store Python sandbox :pr:424
• 📝 docs(windows): document Store Python sandbox path behavior :pr:423

---

4.7.1 (2026-02-13)

---

• 🐛 fix(windows): avoid FileNotFoundError in sandboxed environments :pr:422

---

4.7.0 (2026-02-12)

... (truncated)

Commits

• 72271a6 Release 4.9.2
• 3e45fa9 📝 docs: restructure following Diataxis framework (#448)
• 1d8448b 📝 docs(platforms): fix RST formatting and TOC hierarchy (#447)
• f656849 Release 4.9.1
• d983fb1 📝 docs: enhance README, fix issues, and reorganize platforms.rst (#445)
• 685a1d9 Release 4.9.0
• ae73d34 📚 docs: split usage guide into tutorial, how-to, and reference (#441)
• 816747e ✨ feat(api): add site_bin_dir property (#443)
• 7a47ac4 ✨ feat(api): add site_applications_dir property (