From ef53f7ba170396049e5f76771344119e0b2b2afa Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 16 Dec 2025 10:21:36 +0000
Subject: [PATCH 1/2] Bump librt from 0.7.3 to 0.7.4 (#11851)

Bumps [librt](https://github.com/mypyc/librt) from 0.7.3 to 0.7.4.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/mypyc/librt/commit/87e36475ef8e8bc47945bd7067391a86fcc11d70"><code>87e3647</code></a>
Sync mypy and bump version to 0.7.4</li>
<li><a
href="https://github.com/mypyc/librt/commit/62e0564391d9d93585c678e9b8bf19eb3aab2690"><code>62e0564</code></a>
Add some badges to README (<a
href="https://redirect.github.com/mypyc/librt/issues/25">#25</a>)</li>
<li>See full diff in <a
href="https://github.com/mypyc/librt/compare/v0.7.3...v0.7.4">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=librt&package-manager=pip&previous-version=0.7.3&new-version=0.7.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 requirements/constraints.txt | 2 +-
 requirements/dev.txt         | 2 +-
 requirements/lint.txt        | 2 +-
 requirements/test-common.txt | 2 +-
 requirements/test-ft.txt     | 2 +-
 requirements/test.txt        | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/requirements/constraints.txt b/requirements/constraints.txt
index 9174ccde9ab..be77948037a 100644
--- a/requirements/constraints.txt
+++ b/requirements/constraints.txt
@@ -102,7 +102,7 @@ jinja2==3.1.6
     # via
     #   sphinx
     #   towncrier
-librt==0.7.3
+librt==0.7.4
     # via mypy
 markdown-it-py==4.0.0
     # via rich
diff --git a/requirements/dev.txt b/requirements/dev.txt
index 1baf1fbf9a4..16c8f74f16e 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -100,7 +100,7 @@ jinja2==3.1.6
     # via
     #   sphinx
     #   towncrier
-librt==0.7.3
+librt==0.7.4
     # via mypy
 markdown-it-py==4.0.0
     # via rich
diff --git a/requirements/lint.txt b/requirements/lint.txt
index 38de31c5697..c9a7d810af0 100644
--- a/requirements/lint.txt
+++ b/requirements/lint.txt
@@ -43,7 +43,7 @@ iniconfig==2.3.0
     # via pytest
 isal==1.7.2
     # via -r requirements/lint.in
-librt==0.7.3
+librt==0.7.4
     # via mypy
 markdown-it-py==4.0.0
     # via rich
diff --git a/requirements/test-common.txt b/requirements/test-common.txt
index d6d08fe4387..8607d48d007 100644
--- a/requirements/test-common.txt
+++ b/requirements/test-common.txt
@@ -34,7 +34,7 @@ iniconfig==2.3.0
     # via pytest
 isal==1.8.0 ; python_version < "3.14"
     # via -r requirements/test-common.in
-librt==0.7.3
+librt==0.7.4
     # via mypy
 markdown-it-py==4.0.0
     # via rich
diff --git a/requirements/test-ft.txt b/requirements/test-ft.txt
index 60689092dae..958a3877fcb 100644
--- a/requirements/test-ft.txt
+++ b/requirements/test-ft.txt
@@ -55,7 +55,7 @@ iniconfig==2.3.0
     # via pytest
 isal==1.8.0 ; python_version < "3.14"
     # via -r requirements/test-common.in
-librt==0.7.3
+librt==0.7.4
     # via mypy
 markdown-it-py==4.0.0
     # via rich
diff --git a/requirements/test.txt b/requirements/test.txt
index 0a6036b1fb9..42f6caee201 100644
--- a/requirements/test.txt
+++ b/requirements/test.txt
@@ -55,7 +55,7 @@ iniconfig==2.3.0
     # via pytest
 isal==1.7.2 ; python_version < "3.14"
     # via -r requirements/test-common.in
-librt==0.7.3
+librt==0.7.4
     # via mypy
 markdown-it-py==4.0.0
     # via rich

From ab4f65545ddabea0d579673f69e0e36404e15b3d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 16 Dec 2025 10:29:54 +0000
Subject: [PATCH 2/2] Bump filelock from 3.20.0 to 3.20.1 (#11852)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps [filelock](https://github.com/tox-dev/py-filelock) from 3.20.0 to
3.20.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tox-dev/py-filelock/releases">filelock's
releases</a>.</em></p>
<blockquote>
<h2>3.20.1</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<ul>
<li>CVE-2025-68146: Fix TOCTOU symlink vulnerability in lock file
creation by <a
href="https://github.com/gaborbernat"><code>@​gaborbernat</code></a> in
<a
href="https://redirect.github.com/tox-dev/filelock/pull/461">tox-dev/filelock#461</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/tox-dev/filelock/compare/3.20.0...3.20.1">https://github.com/tox-dev/filelock/compare/3.20.0...3.20.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/tox-dev/filelock/commit/377f62251d7cdf30768cc9ee1eb31cea1551c71b"><code>377f622</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/460">#460</a>)</li>
<li><a
href="https://github.com/tox-dev/filelock/commit/4724d7f8c3393ec1f048c93933e6e3e6ec321f0e"><code>4724d7f</code></a>
Fix TOCTOU symlink vulnerability in lock file creation (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/461">#461</a>)</li>
<li><a
href="https://github.com/tox-dev/filelock/commit/cb69414a2327cf0a9887e12054d1dc112ee700af"><code>cb69414</code></a>
Bump actions/upload-artifact from 5 to 6 (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/459">#459</a>)</li>
<li><a
href="https://github.com/tox-dev/filelock/commit/0769294f14a6c62eea64741722f7acef5386b4cd"><code>0769294</code></a>
Bump actions/download-artifact from 6 to 7 (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/458">#458</a>)</li>
<li><a
href="https://github.com/tox-dev/filelock/commit/414193a188892bd376eb5c56eb45a9cf8ecc9284"><code>414193a</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/457">#457</a>)</li>
<li><a
href="https://github.com/tox-dev/filelock/commit/1456797beb94ad59e5627462ad29f7ed3a966626"><code>1456797</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/456">#456</a>)</li>
<li><a
href="https://github.com/tox-dev/filelock/commit/8d6bf90af313ac7fd6e41ef2b715d91dd6858f5c"><code>8d6bf90</code></a>
Bump actions/checkout from 5 to 6 (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/455">#455</a>)</li>
<li><a
href="https://github.com/tox-dev/filelock/commit/f7edeebddf79c210db2a6af145d33849e93c5550"><code>f7edeeb</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/454">#454</a>)</li>
<li><a
href="https://github.com/tox-dev/filelock/commit/fb0923562189078b524ad3bd978e5e743dea9b2f"><code>fb09235</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/453">#453</a>)</li>
<li><a
href="https://github.com/tox-dev/filelock/commit/f5825d867707b432e1c93f85833ce8d3766c986c"><code>f5825d8</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/452">#452</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/tox-dev/py-filelock/compare/3.20.0...3.20.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=filelock&package-manager=pip&previous-version=3.20.0&new-version=3.20.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 requirements/constraints.txt | 2 +-
 requirements/dev.txt         | 2 +-
 requirements/lint.txt        | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/requirements/constraints.txt b/requirements/constraints.txt
index be77948037a..722d5785788 100644
--- a/requirements/constraints.txt
+++ b/requirements/constraints.txt
@@ -69,7 +69,7 @@ exceptiongroup==1.3.1
     # via pytest
 execnet==2.1.2
     # via pytest-xdist
-filelock==3.20.0
+filelock==3.20.1
     # via virtualenv
 forbiddenfruit==0.1.4
     # via blockbuster
diff --git a/requirements/dev.txt b/requirements/dev.txt
index 16c8f74f16e..ef328d2ef76 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -67,7 +67,7 @@ exceptiongroup==1.3.1
     # via pytest
 execnet==2.1.2
     # via pytest-xdist
-filelock==3.20.0
+filelock==3.20.1
     # via virtualenv
 forbiddenfruit==0.1.4
     # via blockbuster
diff --git a/requirements/lint.txt b/requirements/lint.txt
index c9a7d810af0..53e9fb07a03 100644
--- a/requirements/lint.txt
+++ b/requirements/lint.txt
@@ -29,7 +29,7 @@ distlib==0.4.0
     # via virtualenv
 exceptiongroup==1.3.1
     # via pytest
-filelock==3.20.0
+filelock==3.20.1
     # via virtualenv
 forbiddenfruit==0.1.4
     # via blockbuster