Skip to content

Bump the python group in /python with 4 updates #922

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dependabot wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Bump the python group in /python with 4 updates #922

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Dec 8, 2025

Bumps the python group in /python with 4 updates: psutil, mkl, mkl-include and intel-openmp.

Updates psutil from 7.1.0 to 7.1.3

Changelog

Sourced from psutil's changelog.

7.1.3

2025-11-02

Enhancements

  • 2667_: enforce clang-format on all C and header files. It is now the mandatory formatting style for all C sources.
  • 2672_, [macOS], [BSD]: increase the chances to recognize zombie processes and raise the appropriate exception (ZombieProcess_).
  • 2676_, 2678_: replace unsafe sprintf / snprintf / sprintf_s calls with str_format(). Replace strlcat / strlcpy with safe str_copy / str_append. This unifies string handling across platforms and reduces unsafe usage of standard string functions, improving robustness.

Bug fixes

  • 2674_, [Windows]: disk_usage()_ could truncate values on 32-bit platforms, potentially reporting incorrect total/free/used space for drives larger than 4GB.
  • 2675_, [macOS]: Process.status()_ incorrectly returns "running" for 99% of the processes.
  • 2677_, [Windows]: fix MAC address string construction in net_if_addrs()_. Previously, the MAC address buffer was incorrectly updated using a fixed increment and sprintf_s, which could overflow or misformat the string if the MAC length or formatting changed. Also, the final '\n' was inserted unnecessarily.
  • 2679_, [OpenBSD], [NetBSD], [critical]: can't build due to C syntax error.

7.1.2

2025-10-25

Enhancements

  • 2657_: stop publishing prebuilt Linux and Windows wheels for 32-bit Python. 32-bit CPython is still supported, but psutil must now be built from source. 2565_: produce wheels for free-thread cPython 3.13 and 3.14 (patch by Lysandros Nikolaou)

Bug fixes

  • 2650_, [macOS]: Process.cmdline()_ and Process.environ()_ may incorrectly raise NoSuchProcess_ instead of ZombieProcess_.
  • 2658_, [macOS]: double free() in Process.environ()_ when it fails internally. This posed a risk of segfault.
  • 2662_, [macOS]: massive C code cleanup to guard against possible segfaults which were (not so) sporadically spotted on CI.

... (truncated)

Commits
  • 5904ff9 Pre-release
  • d42db80 Update DEVGUIDE.rst
  • e4e1003 psutil_kinfo_proc: return in case of badargs; also print to stderr in case of...
  • bcdede4 Introduce PSUTIL_TESTING mode. Terminate execution if str_* funcs fail
  • 6822ba7 Replace strlcat/strlcpy with safe str_copy/str_append (#2678)
  • 0a7465c Windows: use str_format() in psutil_users().
  • fd05690 [Windows] fix MAC address string construction in net_if_addrs() (#2677)
  • 7d82135 NetBSD: refact proc cwd()
  • 262977f Replace unsafe sprintf/snprintf/sprintf_s calls with str_format() (#2676)
  • 1ba3cf5 Fix #2675 / macOS: convert process status() to a meaningful value
  • Additional commits viewable in compare view

Updates mkl from 2025.2.0 to 2025.3.0

Commits

Updates mkl-include from 2025.2.0 to 2025.3.0

Updates intel-openmp from 2025.2.1 to 2025.3.1

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the python group in /python with 4 updates
a7a3851 
Bumps the python group in /python with 4 updates: [psutil](https://github.com/giampaolo/psutil), [mkl](https://github.com/uxlfoundation/oneMath), [mkl-include](https://www.intel.com/content/www/us/en/developer/tools/oneapi/onemkl.html) and [intel-openmp](https://www.intel.com/content/www/us/en/developer/tools/oneapi/dpc-compiler.html).


Updates `psutil` from 7.1.0 to 7.1.3
- [Changelog](https://github.com/giampaolo/psutil/blob/master/HISTORY.rst)
- [Commits](giampaolo/psutil@release-7.1.0...release-7.1.3)

Updates `mkl` from 2025.2.0 to 2025.3.0
- [Release notes](https://github.com/uxlfoundation/oneMath/releases)
- [Commits](https://github.com/uxlfoundation/oneMath/commits)

Updates `mkl-include` from 2025.2.0 to 2025.3.0

Updates `intel-openmp` from 2025.2.1 to 2025.3.1

---
updated-dependencies:
- dependency-name: psutil
  dependency-version: 7.1.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python
- dependency-name: mkl
  dependency-version: 2025.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python
- dependency-name: mkl-include
  dependency-version: 2025.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python
- dependency-name: intel-openmp
  dependency-version: 2025.3.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Dec 8, 2025
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Dec 8, 2025
@github-actions
Copy link

github-actions bot commented Dec 8, 2025

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 3 package(s) with unknown licenses.
See the Details below.

License Issues

python/requirements.txt

PackageVersionLicenseIssue Type
intel-openmp2025.3.1NullUnknown License
mkl-include2025.3.0NullUnknown License
mkl2025.3.0NullUnknown License

OpenSSF Scorecard

PackageVersionScoreDetails
pip/intel-openmp 2025.3.1 UnknownUnknown
pip/mkl 2025.3.0 UnknownUnknown
pip/mkl-include 2025.3.0 UnknownUnknown
pip/psutil 7.1.3 🟢 5.6
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 1030 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
Security-Policy🟢 10security policy file detected
Code-Review⚠️ 0Found 0/30 approved changesets -- score normalized to 0
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities🟢 100 existing vulnerabilities detected
License🟢 10license file detected
Fuzzing🟢 10project is fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0

Scanned Files

  • python/requirements.txt

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jitendra42 jitendra42 Awaiting requested review from jitendra42 jitendra42 is a code owner

@sharvil10 sharvil10 Awaiting requested review from sharvil10 sharvil10 is a code owner

@sramakintel sramakintel Awaiting requested review from sramakintel sramakintel is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant