Skip to content

chore(deps-dev): bump yarl from 1.20.1 to 1.24.2#1057

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/yarl-1.23.0
Closed

chore(deps-dev): bump yarl from 1.20.1 to 1.24.2#1057
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/yarl-1.23.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 19, 2026
edited
Loading

Bumps yarl from 1.20.1 to 1.24.2.

Release notes

Sourced from yarl's releases.

1.24.2

Contributor-facing changes

  • Switched the aarch64 and armv7l wheel builds to GitHub's native ARM runners. The aarch64 wheels now build without QEMU emulation, and armv7l runs on aarch64 hosts so its 32-bit ARM execution is far cheaper than the previous aarch64-on-x86_64 path -- by :user:bdraco.

    Related issues and pull requests on GitHub: #1724.

  • Restored per-runner native arches in the Windows wheel matrix on tag releases. The previous CIBW_ARCHS_WINDOWS=AMD64 ARM64 setting made both windows-latest and windows-11-arm cross-compile the other arch, producing two artifacts with identically-named wheels whose bytes differed; the deploy job's download-artifact ... merge-multiple step tore those writes together, yielding a wheel that PyPI rejected with 400 Invalid distribution file. ZIP archive not accepted: Mis-matched data size during the 1.24.0 and 1.24.1 releases -- by :user:bdraco.

    Related issues and pull requests on GitHub: #1725.

1.24.1

This release was yanked from PyPI due to a partial wheel publishing problem.

Contributor-facing changes

  • Allowed re-running the deploy job after a partial release failure: the Make Release step now skips when the GitHub Release already exists, and the PyPI publish step uses skip-existing so dists that were already uploaded on a prior attempt do not break the retry -- by :user:bdraco.

    Related issues and pull requests on GitHub: #1721.

1.24.0

This release was yanked from PyPI due to a partial wheel publishing problem.

... (truncated)

Changelog

Sourced from yarl's changelog.

v1.24.2

(2026-05-19)

Contributor-facing changes

  • Switched the aarch64 and armv7l wheel builds to GitHub's native ARM runners. The aarch64 wheels now build without QEMU emulation, and armv7l runs on aarch64 hosts so its 32-bit ARM execution is far cheaper than the previous aarch64-on-x86_64 path -- by :user:bdraco.

    Related issues and pull requests on GitHub: :issue:1724.

  • Restored per-runner native arches in the Windows wheel matrix on tag releases. The previous CIBW_ARCHS_WINDOWS=AMD64 ARM64 setting made both windows-latest and windows-11-arm cross-compile the other arch, producing two artifacts with identically-named wheels whose bytes differed; the deploy job's download-artifact ... merge-multiple step tore those writes together, yielding a wheel that PyPI rejected with 400 Invalid distribution file. ZIP archive not accepted: Mis-matched data size during the 1.24.0 and 1.24.1 releases -- by :user:bdraco.

    Related issues and pull requests on GitHub: :issue:1725.

v1.24.1

(2026-05-19)

Contributor-facing changes

  • Allowed re-running the deploy job after a partial release failure: the Make Release step now skips when the GitHub Release already exists, and the PyPI publish step uses skip-existing so dists that were already uploaded on a prior attempt do not break the retry -- by :user:bdraco.

... (truncated)

Commits

Most Recent Ignore Conditions Applied to This Pull Request
Dependency Name Ignore Conditions
yarl [>= 1.18.dev0, < 1.19]
yarl [>= 1.17.dev0, < 1.18]
yarl [>= 1.16.dev0, < 1.17]
yarl [>= 1.15.5.dev0, < 1.15.6]
yarl [< 1.16, > 1.15.2]

@dependabot dependabot Bot added dependencies python Pull requests that update Python code labels May 19, 2026
@dependabot dependabot Bot requested a review from a team as a code owner May 19, 2026 16:51
@dependabot dependabot Bot added dependencies python Pull requests that update Python code labels May 19, 2026
@github-actions github-actions Bot enabled auto-merge May 19, 2026 16:52
@dependabot dependabot Bot changed the title chore(deps-dev): bump yarl from 1.20.1 to 1.23.0 chore(deps-dev): bump yarl from 1.20.1 to 1.24.1 May 19, 2026
@dependabot dependabot Bot force-pushed the dependabot/pip/yarl-1.23.0 branch from 1a6caed to 1b8f2a1 Compare May 19, 2026 19:49
@dependabot
chore(deps-dev): bump yarl from 1.20.1 to 1.24.2
523d70a 
Bumps [yarl](https://github.com/aio-libs/yarl) from 1.20.1 to 1.24.2.
- [Release notes](https://github.com/aio-libs/yarl/releases)
- [Changelog](https://github.com/aio-libs/yarl/blob/master/CHANGES.rst)
- [Commits](aio-libs/yarl@v1.20.1...v1.24.2)

---
updated-dependencies:
- dependency-name: yarl
  dependency-version: 1.23.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title chore(deps-dev): bump yarl from 1.20.1 to 1.24.1 chore(deps-dev): bump yarl from 1.20.1 to 1.24.2 May 20, 2026
@dependabot dependabot Bot force-pushed the dependabot/pip/yarl-1.23.0 branch from 1b8f2a1 to 523d70a Compare May 20, 2026 00:27
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented May 20, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@ramsessanchez ramsessanchez mentioned this pull request May 20, 2026
Open
@ramsessanchez
Copy link
Copy Markdown
Contributor

ramsessanchez commented May 20, 2026

Superseded by #1067

auto-merge was automatically disabled May 20, 2026 22:46

Pull request was closed

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github May 20, 2026

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot Bot deleted the dependabot/pip/yarl-1.23.0 branch May 20, 2026 22:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ramsessanchez