Update dependency packaging to v26 #840

renovate · 2026-01-21T21:09:50Z

This PR contains the following updates:

Package	Change	Age	Confidence
packaging	`==25.0` → `==26.0`

Release Notes

pypa/packaging (packaging)

`v26.0`

Compare Source

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

github-actions · 2026-01-21T21:12:26Z

❌MegaLinter analysis: Error

Descriptor	Linter	Files	Fixed	Errors	Warnings	Elapsed time
⚠️ ACTION	actionlint	4		3	0	0.07s
✅ COPYPASTE	jscpd	yes		no	no	2.18s
⚠️ DOCKERFILE	hadolint	2		1	0	0.08s
✅ JSON	jsonlint	3		0	0	0.32s
✅ JSON	prettier	3	0	0	0	0.62s
✅ JSON	v8r	3		0	0	2.87s
⚠️ MARKDOWN	markdownlint	12	0	17	0	1.36s
✅ MARKDOWN	markdown-table-formatter	12	0	0	0	0.21s
✅ PYTHON	bandit	7		0	0	1.37s
✅ PYTHON	black	7	0	0	0	1.69s
✅ PYTHON	flake8	7		0	0	0.88s
✅ PYTHON	isort	7	0	0	0	0.28s
⚠️ PYTHON	mypy	7		5	0	4.83s
✅ PYTHON	pylint	7		0	0	9.91s
⚠️ PYTHON	pyright	7		4	0	4.93s
✅ PYTHON	ruff	7	0	0	0	0.03s
✅ REPOSITORY	checkov	yes		no	no	19.23s
✅ REPOSITORY	gitleaks	yes		no	no	16.49s
✅ REPOSITORY	git_diff	yes		no	no	0.02s
⚠️ REPOSITORY	grype	yes		11	no	36.62s
✅ REPOSITORY	secretlint	yes		no	no	0.96s
✅ REPOSITORY	syft	yes		no	no	1.89s
❌ REPOSITORY	trivy	yes		1	no	12.18s
✅ REPOSITORY	trivy-sbom	yes		no	no	3.75s
✅ REPOSITORY	trufflehog	yes		no	no	3.53s
✅ SPELL	cspell	49		0	0	4.42s
⚠️ SPELL	lychee	30		2	0	4.25s
✅ YAML	prettier	15	0	0	0	0.87s
✅ YAML	v8r	15		0	0	8.06s
✅ YAML	yamllint	15		0	0	0.69s

Detailed Issues

❌ REPOSITORY / trivy - 1 error

2026-01-21T21:11:47Z	INFO	[vulndb] Need to update DB
2026-01-21T21:11:47Z	INFO	[vulndb] Downloading vulnerability DB...
2026-01-21T21:11:47Z	INFO	[vulndb] Downloading artifact...	repo="mirror.gcr.io/aquasec/trivy-db:2"
9.58 MiB / 83.02 MiB [------->______________________________________________________] 11.54% ? p/s ?38.16 MiB / 83.02 MiB [---------------------------->________________________________] 45.97% ? p/s ?69.28 MiB / 83.02 MiB [-------------------------------------------------->__________] 83.46% ? p/s ?83.02 MiB / 83.02 MiB [--------------------------------------------->] 100.00% 121.95 MiB p/s ETA 0s83.02 MiB / 83.02 MiB [--------------------------------------------->] 100.00% 121.95 MiB p/s ETA 0s83.02 MiB / 83.02 MiB [--------------------------------------------->] 100.00% 121.95 MiB p/s ETA 0s83.02 MiB / 83.02 MiB [--------------------------------------------->] 100.00% 114.08 MiB p/s ETA 0s83.02 MiB / 83.02 MiB [--------------------------------------------->] 100.00% 114.08 MiB p/s ETA 0s83.02 MiB / 83.02 MiB [--------------------------------------------->] 100.00% 114.08 MiB p/s ETA 0s83.02 MiB / 83.02 MiB [--------------------------------------------->] 100.00% 106.72 MiB p/s ETA 0s83.02 MiB / 83.02 MiB [--------------------------------------------->] 100.00% 106.72 MiB p/s ETA 0s83.02 MiB / 83.02 MiB [--------------------------------------------->] 100.00% 106.72 MiB p/s ETA 0s83.02 MiB / 83.02 MiB [---------------------------------------------->] 100.00% 99.84 MiB p/s ETA 0s83.02 MiB / 83.02 MiB [---------------------------------------------->] 100.00% 99.84 MiB p/s ETA 0s83.02 MiB / 83.02 MiB [---------------------------------------------->] 100.00% 99.84 MiB p/s ETA 0s83.02 MiB / 83.02 MiB [---------------------------------------------->] 100.00% 93.39 MiB p/s ETA 0s83.02 MiB / 83.02 MiB [---------------------------------------------->] 100.00% 93.39 MiB p/s ETA 0s83.02 MiB / 83.02 MiB [---------------------------------------------->] 100.00% 93.39 MiB p/s ETA 0s83.02 MiB / 83.02 MiB [---------------------------------------------->] 100.00% 87.37 MiB p/s ETA 0s83.02 MiB / 83.02 MiB [---------------------------------------------->] 100.00% 87.37 MiB p/s ETA 0s83.02 MiB / 83.02 MiB [---------------------------------------------->] 100.00% 87.37 MiB p/s ETA 0s83.02 MiB / 83.02 MiB [---------------------------------------------->] 100.00% 81.73 MiB p/s ETA 0s83.02 MiB / 83.02 MiB [---------------------------------------------->] 100.00% 81.73 MiB p/s ETA 0s83.02 MiB / 83.02 MiB [---------------------------------------------->] 100.00% 81.73 MiB p/s ETA 0s83.02 MiB / 83.02 MiB [---------------------------------------------->] 100.00% 76.46 MiB p/s ETA 0s83.02 MiB / 83.02 MiB [---------------------------------------------->] 100.00% 76.46 MiB p/s ETA 0s83.02 MiB / 83.02 MiB [---------------------------------------------->] 100.00% 76.46 MiB p/s ETA 0s83.02 MiB / 83.02 MiB [-------------------------------------------------] 100.00% 15.87 MiB p/s 5.4s2026-01-21T21:11:54Z	INFO	[vulndb] Artifact successfully downloaded	repo="mirror.gcr.io/aquasec/trivy-db:2"
2026-01-21T21:11:54Z	INFO	[vuln] Vulnerability scanning is enabled
2026-01-21T21:11:54Z	INFO	[misconfig] Misconfiguration scanning is enabled
2026-01-21T21:11:54Z	INFO	[misconfig] Need to update the checks bundle
2026-01-21T21:11:54Z	INFO	[misconfig] Downloading the checks bundle...
165.46 KiB / 165.46 KiB [------------------------------------------------------] 100.00% ? p/s 100ms2026-01-21T21:11:57Z	INFO	[python] Licenses acquired from one or more METADATA files may be subject to additional terms. Use `--debug` flag to see all affected packages.
2026-01-21T21:11:58Z	INFO	Suppressing dependencies for development and testing. To display them, try the '--include-dev-deps' flag.
2026-01-21T21:11:58Z	INFO	Number of language-specific files	num=2
2026-01-21T21:11:58Z	INFO	[pip] Detecting vulnerabilities...
2026-01-21T21:11:58Z	INFO	[poetry] Detecting vulnerabilities...
2026-01-21T21:11:58Z	INFO	Detected config files	num=2

Report Summary

┌───────────────────┬────────────┬─────────────────┬───────────────────┐
│      Target       │    Type    │ Vulnerabilities │ Misconfigurations │
├───────────────────┼────────────┼─────────────────┼───────────────────┤
│ poetry.lock       │   poetry   │       10        │         -         │
├───────────────────┼────────────┼─────────────────┼───────────────────┤
│ requirements.txt  │    pip     │       10        │         -         │
├───────────────────┼────────────┼─────────────────┼───────────────────┤
│ Dockerfile        │ dockerfile │        -        │         0         │
├───────────────────┼────────────┼─────────────────┼───────────────────┤
│ docker/Dockerfile │ dockerfile │        -        │         0         │
└───────────────────┴────────────┴─────────────────┴───────────────────┘
Legend:
- '-': Not scanned
- '0': Clean (no security findings detected)


For OSS Maintainers: VEX Notice
----------------

(Truncated to 5000 characters out of 18610)

⚠️ ACTION / actionlint - 3 errors

.github/workflows/github-dependents-info.yml:53:9: shellcheck reported issue in this script: SC2086:info:1:15: Double quote to prevent globbing and word splitting [shellcheck]
   |
53 |         run: sudo chown -R $USER:$USER .
   |         ^~~~
.github/workflows/github-dependents-info.yml:53:9: shellcheck reported issue in this script: SC2086:info:1:21: Double quote to prevent globbing and word splitting [shellcheck]
   |
53 |         run: sudo chown -R $USER:$USER .
   |         ^~~~
.github/workflows/release.yml:63:9: shellcheck reported issue in this script: SC2086:info:1:55: Double quote to prevent globbing and word splitting [shellcheck]
   |
63 |         run: echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> ${GITHUB_ENV}
   |         ^~~~

⚠️ REPOSITORY / grype - 11 errors

[0000]  WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal) from=syft
NAME        INSTALLED  FIXED IN  TYPE    VULNERABILITY        SEVERITY  EPSS           RISK   
aiohttp     3.13.2     3.13.3    python  GHSA-6mq8-rvhq-8wgg  High      < 0.1% (17th)  < 0.1  
aiohttp     3.13.2     3.13.3    python  GHSA-6jhg-hg63-jvvf  Medium    < 0.1% (17th)  < 0.1  
aiohttp     3.13.2     3.13.3    python  GHSA-jj3x-wxrx-4x23  Medium    < 0.1% (17th)  < 0.1  
aiohttp     3.13.2     3.13.3    python  GHSA-g84x-mcqj-x9qq  Medium    < 0.1% (14th)  < 0.1  
aiohttp     3.13.2     3.13.3    python  GHSA-54jq-c3m8-4m76  Low       < 0.1% (17th)  < 0.1  
urllib3     2.6.2      2.6.3     python  GHSA-38jv-5279-wg99  High      < 0.1% (3rd)   < 0.1  
aiohttp     3.13.2     3.13.3    python  GHSA-mqqc-3gqh-h2x8  Low       < 0.1% (11th)  < 0.1  
aiohttp     3.13.2     3.13.3    python  GHSA-69f9-5gxw-wvc2  Low       < 0.1% (11th)  < 0.1  
aiohttp     3.13.2     3.13.3    python  GHSA-fh55-r93g-j68g  Low       < 0.1% (11th)  < 0.1  
filelock    3.20.1     3.20.3    python  GHSA-qmgc-5h2g-mvrw  Medium    < 0.1% (2nd)   < 0.1  
virtualenv  20.35.4    20.36.1   python  GHSA-597g-3phw-6986  Medium    < 0.1% (2nd)   < 0.1
[0036] ERROR discovered vulnerabilities at or above the severity threshold

⚠️ DOCKERFILE / hadolint - 1 error

Dockerfile:5 DL3013 warning: Pin versions in pip. Instead of `pip install <package>` use `pip install <package>==<version>` or `pip install --requirement <requirements file>`
docker/Dockerfile:7 DL3008 warning: Pin versions in apt get install. Instead of `apt-get install <package>` use `apt-get install <package>=<version>`
docker/Dockerfile:12 DL3045 warning: `COPY` to a relative destination without `WORKDIR` set.
docker/Dockerfile:15 DL3003 warning: Use WORKDIR to switch to a directory
docker/Dockerfile:15 DL4006 warning: Set the SHELL option -o pipefail before RUN with a pipe in it. If you are using /bin/sh in an alpine image or if your shell is symlinked to busybox then consider explicitly setting your SHELL to /bin/ash, or disable this check
docker/Dockerfile:15 SC2226 warning: This ln has no destination. Check the arguments, or specify '.' explicitly.
docker/Dockerfile:24 DL3025 warning: Use arguments JSON notation for CMD and ENTRYPOINT arguments

⚠️ SPELL / lychee - 2 errors

[IGNORED] docker://nvuillam/github-dependents-info:v3.0.0 | Unsupported: Error creating request client: builder error for url (docker://nvuillam/github-dependents-info:v3.0.0)
[404] https://docs.github.com/en/github/administering-a-repository/keeping-your-dependencies-updated-automatically | Network error: Not Found
[404] https://github.com/actions-marketplace-validations/AkhileshNS_heroku-deploy | Network error: Not Found
📝 Summary
---------------------
🔍 Total..........177
✅ Successful.....138
⏳ Timeouts.........0
🔀 Redirected.......0
👻 Excluded........36
❓ Unknown..........0
🚫 Errors...........2

Errors in .github/dependabot.yml
[404] https://docs.github.com/en/github/administering-a-repository/keeping-your-dependencies-updated-automatically | Network error: Not Found

Errors in docs/github-dependents-info.md
[404] https://github.com/actions-marketplace-validations/AkhileshNS_heroku-deploy | Network error: Not Found

⚠️ MARKDOWN / markdownlint - 17 errors

.github/PULL_REQUEST_TEMPLATE.md:1 error MD041/first-line-heading/first-line-h1 First line in a file should be a top-level heading [Context: "## Description"]
docs/github-dependents-info.md:8:401 error MD013/line-length Line length [Expected: 400; Actual: 1092]
README.md:47:2 error MD045/no-alt-text Images should have alternate text (alt text)
README.md:48:2 error MD045/no-alt-text Images should have alternate text (alt text)
README.md:49:2 error MD045/no-alt-text Images should have alternate text (alt text)
README.md:50:2 error MD045/no-alt-text Images should have alternate text (alt text)
README.md:216:3 error MD051/link-fragments Link fragments should be valid [Context: "[Installation](#⚙️-installation)"]
README.md:217:3 error MD051/link-fragments Link fragments should be valid [Context: "[Usage](#🛠️-usage)"]
README.md:218:3 error MD051/link-fragments Link fragments should be valid [Context: "[Examples](#🧪-examples)"]
README.md:276 error MD046/code-block-style Code block style [Expected: fenced; Actual: indented]
README.md:280 error MD046/code-block-style Code block style [Expected: fenced; Actual: indented]
README.md:285 error MD046/code-block-style Code block style [Expected: fenced; Actual: indented]
README.md:289 error MD046/code-block-style Code block style [Expected: fenced; Actual: indented]
README.md:293 error MD046/code-block-style Code block style [Expected: fenced; Actual: indented]
README.md:297 error MD046/code-block-style Code block style [Expected: fenced; Actual: indented]
README.md:301 error MD046/code-block-style Code block style [Expected: fenced; Actual: indented]
README.md:328:1 error MD045/no-alt-text Images should have alternate text (alt text)

⚠️ PYTHON / mypy - 5 errors

github_dependents_info/gh_dependents_info.py:50: error: Need type annotation for "packages" (hint: "packages: list[<type>] = ...")  [var-annotated]
github_dependents_info/gh_dependents_info.py:51: error: Need type annotation for "all_public_dependent_repos" (hint: "all_public_dependent_repos: list[<type>] = ...")  [var-annotated]
github_dependents_info/gh_dependents_info.py:52: error: Need type annotation for "badges" (hint: "badges: dict[<type>, <type>] = ...")  [var-annotated]
github_dependents_info/gh_dependents_info.py:53: error: Need type annotation for "result" (hint: "result: dict[<type>, <type>] = ...")  [var-annotated]
github_dependents_info/gh_dependents_info.py:240: error: Item "None" of "Path | None" has no attribute "mkdir"  [union-attr]
Found 5 errors in 1 file (checked 7 source files)

⚠️ PYTHON / pyright - 4 errors

github_dependents_info/__main__.py
  github_dependents_info/__main__.py:7:6 - error: Import "rich.console" could not be resolved (reportMissingImports)
github_dependents_info/gh_dependents_info.py
  github_dependents_info/gh_dependents_info.py:13:8 - error: Import "pandas" could not be resolved (reportMissingImports)
  github_dependents_info/gh_dependents_info.py:14:6 - error: Import "bs4" could not be resolved (reportMissingImports)
  github_dependents_info/gh_dependents_info.py:240:32 - error: "mkdir" is not a known attribute of "None" (reportOptionalMemberAccess)
4 errors, 0 warnings, 0 informations

See detailed reports in MegaLinter artifacts

Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)

Documentation: Custom Flavors
Command: npx mega-linter-runner@beta --custom-flavor-setup --custom-flavor-linters PYTHON_PYLINT,PYTHON_BLACK,PYTHON_FLAKE8,PYTHON_ISORT,PYTHON_BANDIT,PYTHON_MYPY,PYTHON_PYRIGHT,PYTHON_RUFF,ACTION_ACTIONLINT,COPYPASTE_JSCPD,DOCKERFILE_HADOLINT,JSON_JSONLINT,JSON_V8R,JSON_PRETTIER,MARKDOWN_MARKDOWNLINT,MARKDOWN_MARKDOWN_TABLE_FORMATTER,REPOSITORY_CHECKOV,REPOSITORY_GIT_DIFF,REPOSITORY_GITLEAKS,REPOSITORY_GRYPE,REPOSITORY_SECRETLINT,REPOSITORY_SYFT,REPOSITORY_TRIVY,REPOSITORY_TRIVY_SBOM,REPOSITORY_TRUFFLEHOG,SPELL_CSPELL,SPELL_LYCHEE,YAML_PRETTIER,YAML_YAMLLINT,YAML_V8R

Show us your support by starring ⭐ the repository

Update dependency packaging to v26

d365c34

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Update dependency packaging to v26 #840

Update dependency packaging to v26 #840

Uh oh!

renovate bot commented Jan 21, 2026

Uh oh!

github-actions bot commented Jan 21, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Uh oh!

Update dependency packaging to v26 #840

Are you sure you want to change the base?

Update dependency packaging to v26 #840

Uh oh!

Conversation

renovate bot commented Jan 21, 2026

Release Notes

v26.0

Configuration

Uh oh!

github-actions bot commented Jan 21, 2026

❌MegaLinter analysis: Error

Detailed Issues

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

`v26.0`