From deaf6c9beff8b8bd724a2db1948eabce785221df Mon Sep 17 00:00:00 2001
From: "pre-commit-ci[bot]"
 <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Date: Mon, 4 May 2026 00:56:37 +0100
Subject: [PATCH 1/8] [pre-commit.ci] pre-commit autoupdate (#12430)

---
 .pre-commit-config.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 6acd60a083f..12f2c8678e9 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -60,7 +60,7 @@ repos:
       - flake8-no-implicit-concat==0.3.4
       - flake8-requirements==1.7.8
 - repo: https://github.com/PyCQA/isort
-  rev: '8.0.1'
+  rev: '9.0.0a3'
   hooks:
   - id: isort
 - repo: https://github.com/psf/black-pre-commit-mirror

From b6abd1b0bb7e91c1b279641aad023d1937ee11e3 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 4 May 2026 00:57:27 +0100
Subject: [PATCH 2/8] Bump packaging from 26.1 to 26.2 (#12429)

---
 requirements/base-ft.txt      | 2 +-
 requirements/base.txt         | 2 +-
 requirements/constraints.txt  | 2 +-
 requirements/dev.txt          | 2 +-
 requirements/doc-spelling.txt | 2 +-
 requirements/doc.txt          | 2 +-
 requirements/lint.txt         | 2 +-
 requirements/test-common.txt  | 2 +-
 requirements/test-ft.txt      | 2 +-
 requirements/test.txt         | 2 +-
 10 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/requirements/base-ft.txt b/requirements/base-ft.txt
index 50ce7aa2873..7a1e276a925 100644
--- a/requirements/base-ft.txt
+++ b/requirements/base-ft.txt
@@ -30,7 +30,7 @@ multidict==6.7.1
     # via
     #   -r requirements/runtime-deps.in
     #   yarl
-packaging==26.1
+packaging==26.2
     # via gunicorn
 propcache==0.4.1
     # via
diff --git a/requirements/base.txt b/requirements/base.txt
index 224fb859d0c..bb8903b3ef9 100644
--- a/requirements/base.txt
+++ b/requirements/base.txt
@@ -30,7 +30,7 @@ multidict==6.7.1
     # via
     #   -r requirements/runtime-deps.in
     #   yarl
-packaging==26.1
+packaging==26.2
     # via gunicorn
 propcache==0.4.1
     # via
diff --git a/requirements/constraints.txt b/requirements/constraints.txt
index d225f55dcf3..48fd78bb47e 100644
--- a/requirements/constraints.txt
+++ b/requirements/constraints.txt
@@ -125,7 +125,7 @@ mypy-extensions==1.1.0
     # via mypy
 nodeenv==1.10.0
     # via pre-commit
-packaging==26.1
+packaging==26.2
     # via
     #   build
     #   gunicorn
diff --git a/requirements/dev.txt b/requirements/dev.txt
index 0def3605c54..3f5dfec3cbf 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -122,7 +122,7 @@ mypy-extensions==1.1.0
     # via mypy
 nodeenv==1.10.0
     # via pre-commit
-packaging==26.1
+packaging==26.2
     # via
     #   build
     #   gunicorn
diff --git a/requirements/doc-spelling.txt b/requirements/doc-spelling.txt
index 7a3f8684570..7b7baa24922 100644
--- a/requirements/doc-spelling.txt
+++ b/requirements/doc-spelling.txt
@@ -28,7 +28,7 @@ jinja2==3.1.6
     #   towncrier
 markupsafe==3.0.3
     # via jinja2
-packaging==26.1
+packaging==26.2
     # via sphinx
 pyenchant==3.3.0
     # via sphinxcontrib-spelling
diff --git a/requirements/doc.txt b/requirements/doc.txt
index 9ecce3b9485..dd37446a32b 100644
--- a/requirements/doc.txt
+++ b/requirements/doc.txt
@@ -28,7 +28,7 @@ jinja2==3.1.6
     #   towncrier
 markupsafe==3.0.3
     # via jinja2
-packaging==26.1
+packaging==26.2
     # via sphinx
 pygments==2.20.0
     # via sphinx
diff --git a/requirements/lint.txt b/requirements/lint.txt
index 3d2dfec4c00..8c053fb7614 100644
--- a/requirements/lint.txt
+++ b/requirements/lint.txt
@@ -57,7 +57,7 @@ mypy-extensions==1.1.0
     # via mypy
 nodeenv==1.10.0
     # via pre-commit
-packaging==26.1
+packaging==26.2
     # via pytest
 pathspec==1.1.1
     # via mypy
diff --git a/requirements/test-common.txt b/requirements/test-common.txt
index 13462706550..f51dc6c8e6b 100644
--- a/requirements/test-common.txt
+++ b/requirements/test-common.txt
@@ -44,7 +44,7 @@ mypy==1.20.2 ; implementation_name == "cpython"
     # via -r requirements/test-common.in
 mypy-extensions==1.1.0
     # via mypy
-packaging==26.1
+packaging==26.2
     # via pytest
 pathspec==1.1.1
     # via mypy
diff --git a/requirements/test-ft.txt b/requirements/test-ft.txt
index 0b5e77540c1..e2df8e7589f 100644
--- a/requirements/test-ft.txt
+++ b/requirements/test-ft.txt
@@ -69,7 +69,7 @@ mypy==1.20.2 ; implementation_name == "cpython"
     # via -r requirements/test-common.in
 mypy-extensions==1.1.0
     # via mypy
-packaging==26.1
+packaging==26.2
     # via
     #   gunicorn
     #   pytest
diff --git a/requirements/test.txt b/requirements/test.txt
index 7bc521b6815..3ace39658ce 100644
--- a/requirements/test.txt
+++ b/requirements/test.txt
@@ -69,7 +69,7 @@ mypy==1.20.2 ; implementation_name == "cpython"
     # via -r requirements/test-common.in
 mypy-extensions==1.1.0
     # via mypy
-packaging==26.1
+packaging==26.2
     # via
     #   gunicorn
     #   pytest

From 4cd1b36935b1563394928cbd85a408d9109ba0ca Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sun, 3 May 2026 23:58:22 +0000
Subject: [PATCH 3/8] Bump build from 1.4.4 to 1.5.0 (#12438)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️

Rebasing might not happen immediately, so don't worry if this takes some
time.

Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps [build](https://github.com/pypa/build) from 1.4.4 to 1.5.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/build/releases">build's
releases</a>.</em></p>
<blockquote>
<h2>1.5.0</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<ul>
<li>ci: try to improve release docs by <a
href="https://github.com/henryiii"><code>@​henryiii</code></a> in <a
href="https://redirect.github.com/pypa/build/pull/1051">pypa/build#1051</a></li>
<li>feat: drop 3.9, require 3.10+ by <a
href="https://github.com/henryiii"><code>@​henryiii</code></a> in <a
href="https://redirect.github.com/pypa/build/pull/1036">pypa/build#1036</a></li>
<li>chore: tox toml by <a
href="https://github.com/henryiii"><code>@​henryiii</code></a> in <a
href="https://redirect.github.com/pypa/build/pull/1033">pypa/build#1033</a></li>
<li>fix: api should not ignore installed, only CLI by <a
href="https://github.com/henryiii"><code>@​henryiii</code></a> in <a
href="https://redirect.github.com/pypa/build/pull/1056">pypa/build#1056</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/pypa/build/compare/1.4.4...1.5.0">https://github.com/pypa/build/compare/1.4.4...1.5.0</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/build/blob/main/CHANGELOG.rst">build's
changelog</a>.</em></p>
<blockquote>
<p>####################
1.5.0 (2026-04-30)
####################</p>
<hr />
<p>Features</p>
<hr />
<ul>
<li>Drop Python 3.9 support - by :user:<code>henryiii</code>
(:issue:<code>1036</code>)</li>
</ul>
<hr />
<p>Bugfixes</p>
<hr />
<ul>
<li>Make <code>--ignore-installed</code> opt-in from the API via
<code>fresh=True</code> - by :user:<code>henryiii</code>
(:issue:<code>1056</code>)</li>
</ul>
<hr />
<p>Miscellaneous</p>
<hr />
<ul>
<li>:issue:<code>1033</code></li>
</ul>
<p>####################
1.4.4 (2026-04-22)
####################</p>
<hr />
<p>Bugfixes</p>
<hr />
<ul>
<li>Fix release pipeline generating <code>CHANGELOG.rst</code> entries
with inconsistent heading levels, which broke <code>sphinx -W</code>
and pinned Read the Docs <code>stable</code> at 1.4.0 - by
:user:<code>gaborbernat</code>. (:issue:<code>1031</code>)</li>
<li>Revert :pr:<code>1039</code> from build 1.4.3, no longer check
direct_url (for now) - by :user:<code>henryiii</code>
(:issue:<code>1039</code>)</li>
<li>Add <code>--ignore-installed</code> to pip install command to
prevent issues with packages already present in the isolated
build environment - by :user:<code>henryiii</code>
(:issue:<code>1037</code>) (:issue:<code>1040</code>)</li>
<li>Partial revert of :pr:<code>973</code>, keeping log messages in one
entry, multiple lines. (:issue:<code>1044</code>)</li>
</ul>
<hr />
<p>Miscellaneous</p>
<hr />
<ul>
<li>:issue:<code>1048</code>, :issue:<code>1049</code></li>
</ul>
<p>####################
1.4.3 (2026-04-10)
####################</p>
<hr />
<p>Features</p>
<hr />
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/build/commit/615d04cfc52ac3c1592a463f0afe484fee1cc368"><code>615d04c</code></a>
chore: prepare for 1.5.0</li>
<li><a
href="https://github.com/pypa/build/commit/776f702f84787525df62a5473dd13d4e2f45b977"><code>776f702</code></a>
fix: api should not ignore installed, only CLI (<a
href="https://redirect.github.com/pypa/build/issues/1056">#1056</a>)</li>
<li><a
href="https://github.com/pypa/build/commit/42da4c4b483563819fabdb8ecf2f6df53ed82123"><code>42da4c4</code></a>
pre-commit: bump repositories (<a
href="https://redirect.github.com/pypa/build/issues/1055">#1055</a>)</li>
<li><a
href="https://github.com/pypa/build/commit/b445cd2e736db5f80cde7d952d620a73cc26bf9d"><code>b445cd2</code></a>
chore: tox toml (<a
href="https://redirect.github.com/pypa/build/issues/1033">#1033</a>)</li>
<li><a
href="https://github.com/pypa/build/commit/c44c143876042ac6e1212a31684a3adca19beda4"><code>c44c143</code></a>
feat: drop 3.9, require 3.10+ (<a
href="https://redirect.github.com/pypa/build/issues/1036">#1036</a>)</li>
<li><a
href="https://github.com/pypa/build/commit/a9bb4560d213069b11c8068159f1de060abec5b7"><code>a9bb456</code></a>
build(deps): bump astral-sh/setup-uv from 8.0.0 to 8.1.0 in the actions
group...</li>
<li><a
href="https://github.com/pypa/build/commit/cb3351155ce99902580022acb81dc0adb8124d53"><code>cb33511</code></a>
ci: try to improve release docs (<a
href="https://redirect.github.com/pypa/build/issues/1051">#1051</a>)</li>
<li>See full diff in <a
href="https://github.com/pypa/build/compare/1.4.4...1.5.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=build&package-manager=pip&previous-version=1.4.4&new-version=1.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 requirements/constraints.txt | 2 +-
 requirements/dev.txt         | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements/constraints.txt b/requirements/constraints.txt
index 48fd78bb47e..246c1cef6fe 100644
--- a/requirements/constraints.txt
+++ b/requirements/constraints.txt
@@ -34,7 +34,7 @@ blockbuster==1.5.26
     #   -r requirements/test-common.in
 brotli==1.2.0 ; platform_python_implementation == "CPython"
     # via -r requirements/runtime-deps.in
-build==1.4.4
+build==1.5.0
     # via pip-tools
 certifi==2026.4.22
     # via requests
diff --git a/requirements/dev.txt b/requirements/dev.txt
index 3f5dfec3cbf..174f2743e06 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -34,7 +34,7 @@ blockbuster==1.5.26
     #   -r requirements/test-common.in
 brotli==1.2.0 ; platform_python_implementation == "CPython"
     # via -r requirements/runtime-deps.in
-build==1.4.4
+build==1.5.0
     # via pip-tools
 certifi==2026.4.22
     # via requests

From f127e76eb43aec0600d8da8a97eb2f9cb6711545 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 4 May 2026 00:11:02 +0000
Subject: [PATCH 4/8] Bump virtualenv from 21.2.4 to 21.3.0 (#12432)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps [virtualenv](https://github.com/pypa/virtualenv) from 21.2.4 to
21.3.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/virtualenv/releases">virtualenv's
releases</a>.</em></p>
<blockquote>
<h2>21.3.0</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<ul>
<li>🐛 fix(type): stop ty flagging default_source on Action by <a
href="https://github.com/gaborbernat"><code>@​gaborbernat</code></a> in
<a
href="https://redirect.github.com/pypa/virtualenv/pull/3124">pypa/virtualenv#3124</a></li>
<li>feat: Reintroduce xonsh shell support by <a
href="https://github.com/anki-code"><code>@​anki-code</code></a> in <a
href="https://redirect.github.com/pypa/virtualenv/pull/3125">pypa/virtualenv#3125</a></li>
<li>🐛 fix(test): prevent PowerShell activation test from crashing xdist
workers on Windows by <a
href="https://github.com/gaborbernat"><code>@​gaborbernat</code></a> in
<a
href="https://redirect.github.com/pypa/virtualenv/pull/3128">pypa/virtualenv#3128</a></li>
<li>docs: Add usage instruction for Xonsh activation by <a
href="https://github.com/anki-code"><code>@​anki-code</code></a> in <a
href="https://redirect.github.com/pypa/virtualenv/pull/3130">pypa/virtualenv#3130</a></li>
<li>Upgrade embedded pip/setuptools/wheel by <a
href="https://github.com/github-actions"><code>@​github-actions</code></a>[bot]
in <a
href="https://redirect.github.com/pypa/virtualenv/pull/3132">pypa/virtualenv#3132</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/anki-code"><code>@​anki-code</code></a>
made their first contribution in <a
href="https://redirect.github.com/pypa/virtualenv/pull/3125">pypa/virtualenv#3125</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/pypa/virtualenv/compare/21.2.4...21.3.0">https://github.com/pypa/virtualenv/compare/21.2.4...21.3.0</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst">virtualenv's
changelog</a>.</em></p>
<blockquote>
<h1>Features - 21.3.0</h1>
<ul>
<li>Re-introduce <code>xonsh</code> shell activator
(<code>activate.xsh</code>) previously removed in 20.7.0, and make the
plugin loader
prefer virtualenv's built-in entry points so a third-party package
cannot override them by registering a duplicate
name. (:issue:<code>3003</code>)</li>
</ul>
<h1>Bugfixes - 21.3.0</h1>
<ul>
<li>
<p>Upgrade embedded wheels:</p>
<ul>
<li>pip to <code>26.1</code> (:issue:<code>3132</code>)</li>
</ul>
</li>
</ul>
<hr />
<p>v21.2.4 (2026-04-14)</p>
<hr />
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/virtualenv/commit/e917cc244e659160607c890de2cbad3a7bc2a28c"><code>e917cc2</code></a>
release 21.3.0</li>
<li><a
href="https://github.com/pypa/virtualenv/commit/21152f1b88c49cdefda2743cddc2cf36d50e2e57"><code>21152f1</code></a>
Upgrade embedded pip/setuptools/wheel (<a
href="https://redirect.github.com/pypa/virtualenv/issues/3132">#3132</a>)</li>
<li><a
href="https://github.com/pypa/virtualenv/commit/096bdcd72d7a6c92dcb9dee97fd429fe3e0231a5"><code>096bdcd</code></a>
chore(deps): bump astral-sh/setup-uv from 8.0.0 to 8.1.0 (<a
href="https://redirect.github.com/pypa/virtualenv/issues/3131">#3131</a>)</li>
<li><a
href="https://github.com/pypa/virtualenv/commit/01610dc7a8ef08158c815f43dc22ceadb98b85c0"><code>01610dc</code></a>
docs: Add usage instruction for Xonsh activation (<a
href="https://redirect.github.com/pypa/virtualenv/issues/3130">#3130</a>)</li>
<li><a
href="https://github.com/pypa/virtualenv/commit/fb6ec7c461db2b0ccfabe7ec6255368e86cfaed3"><code>fb6ec7c</code></a>
🐛 fix(test): prevent PowerShell activation test from crashing xdist
workers o...</li>
<li><a
href="https://github.com/pypa/virtualenv/commit/60956799efa82adac0c3d5e70d9ca1fdd63125f8"><code>6095679</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/pypa/virtualenv/issues/3129">#3129</a>)</li>
<li><a
href="https://github.com/pypa/virtualenv/commit/8d3179cf42332501240e9ee3ddca7e376a790752"><code>8d3179c</code></a>
chore(deps): bump peter-evans/create-pull-request from 8.1.0 to 8.1.1
(<a
href="https://redirect.github.com/pypa/virtualenv/issues/3127">#3127</a>)</li>
<li><a
href="https://github.com/pypa/virtualenv/commit/a159c50a400d4e18aca3bfde5224f09e71d2eb17"><code>a159c50</code></a>
chore(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 (<a
href="https://redirect.github.com/pypa/virtualenv/issues/3126">#3126</a>)</li>
<li><a
href="https://github.com/pypa/virtualenv/commit/9ba729bbbbec89c121c3ce4ef205fdd403e33e26"><code>9ba729b</code></a>
feat: Reintroduce xonsh shell support (<a
href="https://redirect.github.com/pypa/virtualenv/issues/3125">#3125</a>)</li>
<li><a
href="https://github.com/pypa/virtualenv/commit/d42ea5cd19a116dbdbb9852becace188d5b3a225"><code>d42ea5c</code></a>
🐛 fix(type): stop ty flagging default_source on Action (<a
href="https://redirect.github.com/pypa/virtualenv/issues/3124">#3124</a>)</li>
<li>See full diff in <a
href="https://github.com/pypa/virtualenv/compare/21.2.4...21.3.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=virtualenv&package-manager=pip&previous-version=21.2.4&new-version=21.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 requirements/constraints.txt | 2 +-
 requirements/dev.txt         | 2 +-
 requirements/lint.txt        | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/requirements/constraints.txt b/requirements/constraints.txt
index 246c1cef6fe..db46cb72c44 100644
--- a/requirements/constraints.txt
+++ b/requirements/constraints.txt
@@ -281,7 +281,7 @@ uvloop==0.21.0 ; platform_system != "Windows"
     #   -r requirements/lint.in
 valkey==6.1.1
     # via -r requirements/lint.in
-virtualenv==21.2.4
+virtualenv==21.3.0
     # via pre-commit
 wait-for-it==2.3.0
     # via -r requirements/test-common.in
diff --git a/requirements/dev.txt b/requirements/dev.txt
index 174f2743e06..1371c1d9a8d 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -271,7 +271,7 @@ uvloop==0.21.0 ; platform_system != "Windows" and implementation_name == "cpytho
     #   -r requirements/lint.in
 valkey==6.1.1
     # via -r requirements/lint.in
-virtualenv==21.2.4
+virtualenv==21.3.0
     # via pre-commit
 wait-for-it==2.3.0
     # via -r requirements/test-common.in
diff --git a/requirements/lint.txt b/requirements/lint.txt
index 8c053fb7614..702de6ffe75 100644
--- a/requirements/lint.txt
+++ b/requirements/lint.txt
@@ -129,7 +129,7 @@ uvloop==0.21.0 ; platform_system != "Windows"
     # via -r requirements/lint.in
 valkey==6.1.1
     # via -r requirements/lint.in
-virtualenv==21.2.4
+virtualenv==21.3.0
     # via pre-commit
 zlib-ng==1.0.0
     # via -r requirements/lint.in

From 5503528282ee13a2fcdad13b641e38c3a18eaf81 Mon Sep 17 00:00:00 2001
From: Bojun Chai <bmayday.chai@gmail.com>
Date: Mon, 4 May 2026 08:46:06 +0800
Subject: [PATCH 5/8] fix(tests): use .invalid TLD for unresolvable DNS test
 (#12416)

Signed-off-by: Bojun Chai <bojunchai@microsoft.com>
Co-authored-by: Bojun Chai <bojunchai@microsoft.com>
---
 tests/test_client_functional.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/test_client_functional.py b/tests/test_client_functional.py
index 51dfc6d44c9..9c621554719 100644
--- a/tests/test_client_functional.py
+++ b/tests/test_client_functional.py
@@ -3754,7 +3754,7 @@ async def handler(request: web.Request) -> NoReturn:
 
 async def test_aiohttp_request_ctx_manager_not_found() -> None:
     with pytest.raises(aiohttp.ClientConnectionError):
-        async with aiohttp.request("GET", "http://wrong-dns-name.com"):
+        async with aiohttp.request("GET", "http://wrong-dns-name.invalid"):
             assert False
 
 

From 457f5857d8f5ed901f5dc8dd5318171a042db8df Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 4 May 2026 00:57:56 +0000
Subject: [PATCH 6/8] Bump softprops/action-gh-release from 2 to 3 (#12361)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps
[softprops/action-gh-release](https://github.com/softprops/action-gh-release)
from 2 to 3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/softprops/action-gh-release/releases">softprops/action-gh-release's
releases</a>.</em></p>
<blockquote>
<h2>v3.0.0</h2>
<p><code>3.0.0</code> is a major release that moves the action runtime
from Node 20 to Node 24.
Use <code>v3</code> on GitHub-hosted runners and self-hosted fleets that
already support the
Node 24 Actions runtime. If you still need the last Node 20-compatible
line, stay on
<code>v2.6.2</code>.</p>
<h2>What's Changed</h2>
<h3>Other Changes 🔄</h3>
<ul>
<li>Move the action runtime and bundle target to Node 24</li>
<li>Update <code>@types/node</code> to the Node 24 line and allow future
Dependabot updates</li>
<li>Keep the floating major tag on <code>v3</code>; <code>v2</code>
remains pinned to the latest <code>2.x</code> release</li>
</ul>
<h2>v2.6.2</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<h3>Other Changes 🔄</h3>
<ul>
<li>chore(deps): bump picomatch from 4.0.3 to 4.0.4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/softprops/action-gh-release/pull/775">softprops/action-gh-release#775</a></li>
<li>chore(deps): bump brace-expansion from 5.0.4 to 5.0.5 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/softprops/action-gh-release/pull/777">softprops/action-gh-release#777</a></li>
<li>chore(deps): bump vite from 8.0.0 to 8.0.5 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/softprops/action-gh-release/pull/781">softprops/action-gh-release#781</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/softprops/action-gh-release/compare/v2...v2.6.2">https://github.com/softprops/action-gh-release/compare/v2...v2.6.2</a></p>
<h2>v2.6.1</h2>
<p><code>2.6.1</code> is a patch release focused on restoring linked
discussion thread creation when
<code>discussion_category_name</code> is set. It fixes
<code>[#764](https://github.com/softprops/action-gh-release/issues/764)</code>,
where the draft-first publish flow
stopped carrying the discussion category through the final publish
step.</p>
<p>If you still hit an issue after upgrading, please open a report with
the bug template and include a minimal repro or sanitized workflow
snippet where possible.</p>
<h2>What's Changed</h2>
<h3>Bug fixes 🐛</h3>
<ul>
<li>fix: preserve discussion category on publish by <a
href="https://github.com/chenrui333"><code>@​chenrui333</code></a> in <a
href="https://redirect.github.com/softprops/action-gh-release/pull/765">softprops/action-gh-release#765</a></li>
</ul>
<h2>v2.6.0</h2>
<p><code>2.6.0</code> is a minor release centered on
<code>previous_tag</code> support for
<code>generate_release_notes</code>,
which lets workflows pin GitHub's comparison base explicitly instead of
relying on the default range.
It also includes the recent concurrent asset upload recovery fix, a
<code>working_directory</code> docs sync,
a checked-bundle freshness guard for maintainers, and clearer
immutable-prerelease guidance where
GitHub platform behavior imposes constraints on how prerelease asset
uploads can be published.</p>
<p>If you still hit an issue after upgrading, please open a report with
the bug template and include a minimal repro or sanitized workflow
snippet where possible.</p>
<h2>What's Changed</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md">softprops/action-gh-release's
changelog</a>.</em></p>
<blockquote>
<h2>0.1.13</h2>
<ul>
<li>fix issue with multiple runs concatenating release bodies <a
href="https://redirect.github.com/softprops/action-gh-release/pull/145">#145</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/softprops/action-gh-release/commit/b4309332981a82ec1c5618f44dd2e27cc8bfbfda"><code>b430933</code></a>
release: cut v3.0.0 for Node 24 upgrade (<a
href="https://redirect.github.com/softprops/action-gh-release/issues/670">#670</a>)</li>
<li><a
href="https://github.com/softprops/action-gh-release/commit/c2e35e05a74208bafbfcbdae5ebc9da7236e980f"><code>c2e35e0</code></a>
chore(deps): bump the npm group across 1 directory with 7 updates (<a
href="https://redirect.github.com/softprops/action-gh-release/issues/783">#783</a>)</li>
<li>See full diff in <a
href="https://github.com/softprops/action-gh-release/compare/v2...v3">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=softprops/action-gh-release&package-manager=github_actions&previous-version=2&new-version=3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Sam Bull <git@sambull.org>
---
 .github/workflows/ci-cd.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
index 2d95315ad88..9557a8ff59a 100644
--- a/.github/workflows/ci-cd.yml
+++ b/.github/workflows/ci-cd.yml
@@ -713,7 +713,7 @@ jobs:
       # Confusingly, this action also supports updating releases, not
       # just creating them. This is what we want here, since we've manually
       # created the release above.
-      uses: softprops/action-gh-release@v2
+      uses: softprops/action-gh-release@v3
       with:
         # dist/ contains the built packages, which smoketest-artifacts/
         # contains the signatures and certificates.

From 0e70270028fe7144a5cf461975934340902cfaa6 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 4 May 2026 02:28:58 +0000
Subject: [PATCH 7/8] Bump actions/upload-artifact from 6 to 7 (#12153)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps
[actions/upload-artifact](https://github.com/actions/upload-artifact)
from 6 to 7.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/upload-artifact/releases">actions/upload-artifact's
releases</a>.</em></p>
<blockquote>
<h2>v7.0.0</h2>
<h2>v7 What's new</h2>
<h3>Direct Uploads</h3>
<p>Adds support for uploading single files directly (unzipped). Callers
can set the new <code>archive</code> parameter to <code>false</code> to
skip zipping the file during upload. Right now, we only support single
files. The action will fail if the glob passed resolves to multiple
files. The <code>name</code> parameter is also ignored with this
setting. Instead, the name of the artifact will be the name of the
uploaded file.</p>
<h3>ESM</h3>
<p>To support new versions of the <code>@actions/*</code> packages,
we've upgraded the package to ESM.</p>
<h2>What's Changed</h2>
<ul>
<li>Add proxy integration test by <a
href="https://github.com/Link"><code>@​Link</code></a>- in <a
href="https://redirect.github.com/actions/upload-artifact/pull/754">actions/upload-artifact#754</a></li>
<li>Upgrade the module to ESM and bump dependencies by <a
href="https://github.com/danwkennedy"><code>@​danwkennedy</code></a> in
<a
href="https://redirect.github.com/actions/upload-artifact/pull/762">actions/upload-artifact#762</a></li>
<li>Support direct file uploads by <a
href="https://github.com/danwkennedy"><code>@​danwkennedy</code></a> in
<a
href="https://redirect.github.com/actions/upload-artifact/pull/764">actions/upload-artifact#764</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/Link"><code>@​Link</code></a>- made
their first contribution in <a
href="https://redirect.github.com/actions/upload-artifact/pull/754">actions/upload-artifact#754</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/upload-artifact/compare/v6...v7.0.0">https://github.com/actions/upload-artifact/compare/v6...v7.0.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/upload-artifact/commit/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f"><code>bbbca2d</code></a>
Support direct file uploads (<a
href="https://redirect.github.com/actions/upload-artifact/issues/764">#764</a>)</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/589182c5a4cec8920b8c1bce3e2fab1c97a02296"><code>589182c</code></a>
Upgrade the module to ESM and bump dependencies (<a
href="https://redirect.github.com/actions/upload-artifact/issues/762">#762</a>)</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/47309c993abb98030a35d55ef7ff34b7fa1074b5"><code>47309c9</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/upload-artifact/issues/754">#754</a>
from actions/Link-/add-proxy-integration-tests</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/02a8460834e70dab0ce194c64360c59dc1475ef0"><code>02a8460</code></a>
Add proxy integration test</li>
<li>See full diff in <a
href="https://github.com/actions/upload-artifact/compare/v6...v7">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/upload-artifact&package-manager=github_actions&previous-version=6&new-version=7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

You can trigger a rebase of this PR by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

> **Note**
> Automatic rebases have been disabled on this pull request as it has
been open for over 30 days.

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Sam Bull <git@sambull.org>
---
 .github/workflows/ci-cd.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
index 9557a8ff59a..fbeb03f5b1f 100644
--- a/.github/workflows/ci-cd.yml
+++ b/.github/workflows/ci-cd.yml
@@ -147,7 +147,7 @@ jobs:
       run: |
         make generate-llhttp
     - name: Upload llhttp generated files
-      uses: actions/upload-artifact@v6
+      uses: actions/upload-artifact@v7
       with:
         name: llhttp
         path: vendor/llhttp/build
@@ -545,7 +545,7 @@ jobs:
       run: |
         python -m build --sdist
     - name: Upload artifacts
-      uses: actions/upload-artifact@v6
+      uses: actions/upload-artifact@v7
       with:
         name: dist-sdist
         path: dist
@@ -640,7 +640,7 @@ jobs:
         CIBW_SKIP: pp* ${{ matrix.musl == 'musllinux' && '*manylinux*' || '*musllinux*' }}
         CIBW_ARCHS_MACOS: x86_64 arm64 universal2
     - name: Upload wheels
-      uses: actions/upload-artifact@v6
+      uses: actions/upload-artifact@v7
       with:
         name: >-
           dist-${{ matrix.os }}-${{ matrix.musl }}-${{

From 0322d0eea01a45a31f7877b3bc929473aab97d19 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 4 May 2026 02:34:47 +0000
Subject: [PATCH 8/8] Bump actions/github-script from 8 to 9 (#12347)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps [actions/github-script](https://github.com/actions/github-script)
from 8 to 9.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/github-script/releases">actions/github-script's
releases</a>.</em></p>
<blockquote>
<h2>v9.0.0</h2>
<p><strong>New features:</strong></p>
<ul>
<li><strong><code>getOctokit</code> factory function</strong> —
Available directly in the script context. Create additional
authenticated Octokit clients with different tokens for multi-token
workflows, GitHub App tokens, and cross-org access. See <a
href="https://github.com/actions/github-script#creating-additional-clients-with-getoctokit">Creating
additional clients with <code>getOctokit</code></a> for details and
examples.</li>
<li><strong>Orchestration ID in user-agent</strong> — The
<code>ACTIONS_ORCHESTRATION_ID</code> environment variable is
automatically appended to the user-agent string for request
tracing.</li>
</ul>
<p><strong>Breaking changes:</strong></p>
<ul>
<li><strong><code>require('@actions/github')</code> no longer works in
scripts.</strong> The upgrade to <code>@actions/github</code> v9
(ESM-only) means <code>require('@actions/github')</code> will fail at
runtime. If you previously used patterns like <code>const { getOctokit }
= require('@actions/github')</code> to create secondary clients, use the
new injected <code>getOctokit</code> function instead — it's available
directly in the script context with no imports needed.</li>
<li><code>getOctokit</code> is now an injected function parameter.
Scripts that declare <code>const getOctokit = ...</code> or <code>let
getOctokit = ...</code> will get a <code>SyntaxError</code> because
JavaScript does not allow <code>const</code>/<code>let</code>
redeclaration of function parameters. Use the injected
<code>getOctokit</code> directly, or use <code>var getOctokit =
...</code> if you need to redeclare it.</li>
<li>If your script accesses other <code>@actions/github</code> internals
beyond the standard <code>github</code>/<code>octokit</code> client, you
may need to update those references for v9 compatibility.</li>
</ul>
<h2>What's Changed</h2>
<ul>
<li>Add ACTIONS_ORCHESTRATION_ID to user-agent string by <a
href="https://github.com/Copilot"><code>@​Copilot</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/695">actions/github-script#695</a></li>
<li>ci: use deployment: false for integration test environments by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/712">actions/github-script#712</a></li>
<li>feat!: add getOctokit to script context, upgrade
<code>@​actions/github</code> v9, <code>@​octokit/core</code> v7, and
related packages by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/700">actions/github-script#700</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/Copilot"><code>@​Copilot</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/github-script/pull/695">actions/github-script#695</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/github-script/compare/v8.0.0...v9.0.0">https://github.com/actions/github-script/compare/v8.0.0...v9.0.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/github-script/commit/3a2844b7e9c422d3c10d287c895573f7108da1b3"><code>3a2844b</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/github-script/issues/700">#700</a>
from actions/salmanmkc/expose-getoctokit + prepare re...</li>
<li><a
href="https://github.com/actions/github-script/commit/ca10bbdd1a7739de09e99a200c7a59f5d73a4079"><code>ca10bbd</code></a>
fix: use <code>@​octokit/core/</code>types import for v7
compatibility</li>
<li><a
href="https://github.com/actions/github-script/commit/86e48e20ac85c970ed1f96e718fd068173948b7b"><code>86e48e2</code></a>
merge: incorporate main branch changes</li>
<li><a
href="https://github.com/actions/github-script/commit/c1084728b5b935ec4ddc1e4cee877b01797b3ff9"><code>c108472</code></a>
chore: rebuild dist for v9 upgrade and getOctokit factory</li>
<li><a
href="https://github.com/actions/github-script/commit/afff112e4f8b57c718168af75b89ce00bc8d091d"><code>afff112</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/github-script/issues/712">#712</a>
from actions/salmanmkc/deployment-false + fix user-ag...</li>
<li><a
href="https://github.com/actions/github-script/commit/ff8117e5b78c415f814f39ad6998f424fee7b817"><code>ff8117e</code></a>
ci: fix user-agent test to handle orchestration ID</li>
<li><a
href="https://github.com/actions/github-script/commit/81c6b7876079abe10ff715951c9fc7b3e1ab389d"><code>81c6b78</code></a>
ci: use deployment: false to suppress deployment noise from integration
tests</li>
<li><a
href="https://github.com/actions/github-script/commit/3953caf8858d318f37b6cc53a9f5708859b5a7b7"><code>3953caf</code></a>
docs: update README examples from <a
href="https://github.com/v8"><code>@​v8</code></a> to <a
href="https://github.com/v9"><code>@​v9</code></a>, add getOctokit docs
and v9 brea...</li>
<li><a
href="https://github.com/actions/github-script/commit/c17d55b90dcdb3d554d0027a6c180a7adc2daf78"><code>c17d55b</code></a>
ci: add getOctokit integration test job</li>
<li><a
href="https://github.com/actions/github-script/commit/a047196d9a02fe92098771cafbb98c2f1814e408"><code>a047196</code></a>
test: add getOctokit integration tests via callAsyncFunction</li>
<li>Additional commits viewable in <a
href="https://github.com/actions/github-script/compare/v8...v9">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/github-script&package-manager=github_actions&previous-version=8&new-version=9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Sam Bull <git@sambull.org>
---
 .github/workflows/labels.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/labels.yml b/.github/workflows/labels.yml
index e3f10214082..cb8e99f572d 100644
--- a/.github/workflows/labels.yml
+++ b/.github/workflows/labels.yml
@@ -11,7 +11,7 @@ jobs:
     name: Backport label added
     if: ${{ github.event.pull_request.user.type != 'Bot' }}
     steps:
-      - uses: actions/github-script@v8
+      - uses: actions/github-script@v9
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           script: |