From d9fb9367f6f9ca8e54311a7f5384b6c890ef175c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 22 Jan 2026 10:56:03 +0000
Subject: [PATCH 1/2] Bump wheel from 0.46.0 to 0.46.2 (#11977)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps [wheel](https://github.com/pypa/wheel) from 0.46.0 to 0.46.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/wheel/releases">wheel's
releases</a>.</em></p>
<blockquote>
<h2>0.46.2</h2>
<ul>
<li>Restored the <code>bdist_wheel</code> command for compatibility with
<code>setuptools</code> older than v70.1</li>
<li>Importing <code>wheel.bdist_wheel</code> now emits a
<code>FutureWarning</code> instead of a
<code>DeprecationWarning</code></li>
<li>Fixed <code>wheel unpack</code> potentially altering the permissions
of files outside of the destination tree with maliciously crafted wheels
(CVE-2026-24049)</li>
</ul>
<h2>0.46.1</h2>
<ul>
<li>Temporarily restored the <code>wheel.macosx_libfile</code> module
(<a
href="https://redirect.github.com/pypa/wheel/issues/659">#659</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/wheel/blob/main/docs/news.rst">wheel's
changelog</a>.</em></p>
<blockquote>
<h1>Release Notes</h1>
<p><strong>0.46.2 (2026-01-22)</strong></p>
<ul>
<li>Restored the <code>bdist_wheel</code> command for compatibility with
<code>setuptools</code> older than
v70.1</li>
<li>Importing <code>wheel.bdist_wheel</code> now emits a
<code>FutureWarning</code> instead of a
<code>DeprecationWarning</code></li>
<li>Fixed <code>wheel unpack</code> potentially altering the permissions
of files outside of the
destination tree with maliciously crafted wheels (CVE-2026-24049)</li>
</ul>
<p><strong>0.46.1 (2025-04-08)</strong></p>
<ul>
<li>Temporarily restored the <code>wheel.macosx_libfile</code> module
(<code>[#659](https://github.com/pypa/wheel/issues/659)
&lt;https://github.com/pypa/wheel/issues/659&gt;</code>_)</li>
</ul>
<p><strong>0.46.0 (2025-04-03)</strong></p>
<ul>
<li>Dropped support for Python 3.8</li>
<li>Removed the <code>bdist_wheel</code> setuptools command
implementation and entry point.
The <code>wheel.bdist_wheel</code> module is now just an alias to
<code>setuptools.command.bdist_wheel</code>, emitting a deprecation
warning on import.</li>
<li>Removed vendored <code>packaging</code> in favor of a run-time
dependency on it</li>
<li>Made the <code>wheel.metadata</code> module private (with a
deprecation warning if it's
imported</li>
<li>Made the <code>wheel.cli</code> package private (no deprecation
warning)</li>
<li>Fixed an exception when calling the <code>convert</code> command
with an empty description
field</li>
</ul>
<p><strong>0.45.1 (2024-11-23)</strong></p>
<ul>
<li>Fixed pure Python wheels converted from eggs and wininst files
having the ABI tag in
the file name</li>
</ul>
<p><strong>0.45.0 (2024-11-08)</strong></p>
<ul>
<li>
<p>Refactored the <code>convert</code> command to not need setuptools to
be installed</p>
</li>
<li>
<p>Don't configure setuptools logging unless running
<code>bdist_wheel</code></p>
</li>
<li>
<p>Added a redirection from <code>wheel.bdist_wheel.bdist_wheel</code>
to
<code>setuptools.command.bdist_wheel.bdist_wheel</code> to improve
compatibility with
<code>setuptools</code>' latest fixes.</p>
<p>Projects are still advised to migrate away from the deprecated module
and import
the <code>setuptools</code>' implementation explicitly. (PR by <a
href="https://github.com/abravalheri"><code>@​abravalheri</code></a>)</p>
</li>
</ul>
<p><strong>0.44.0 (2024-08-04)</strong></p>
<ul>
<li>Canonicalized requirements in METADATA file (PR by Wim
Jeantine-Glenn)</li>
<li>Deprecated the <code>bdist_wheel</code> module, as the code was
migrated to <code>setuptools</code></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/wheel/commit/eba4036ccaca4e2d0c5b5bf3e3be59b2b2877d6b"><code>eba4036</code></a>
Updated the version number for v0.46.2</li>
<li><a
href="https://github.com/pypa/wheel/commit/557fb5425036ccca95330b2c8875e54c9f4483cf"><code>557fb54</code></a>
Created a new release</li>
<li><a
href="https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef"><code>7a7d2de</code></a>
Fixed security issue around wheel unpack (<a
href="https://redirect.github.com/pypa/wheel/issues/675">#675</a>)</li>
<li><a
href="https://github.com/pypa/wheel/commit/41418fac233d6973ea8798d620df4aa5b3aa1b66"><code>41418fa</code></a>
Fixed test failures due to metadata normalization changes</li>
<li><a
href="https://github.com/pypa/wheel/commit/c1d442bec6c634fcfb89e5d58698dd226685bd14"><code>c1d442b</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/pypa/wheel/issues/674">#674</a>)</li>
<li><a
href="https://github.com/pypa/wheel/commit/0bac8820ec90b1aaa0695d79a56563137b48686d"><code>0bac882</code></a>
Update github actions environments (<a
href="https://redirect.github.com/pypa/wheel/issues/673">#673</a>)</li>
<li><a
href="https://github.com/pypa/wheel/commit/be9f45b4ee1210b2a815d2eefea56b71efd99d63"><code>be9f45b</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/pypa/wheel/issues/667">#667</a>)</li>
<li><a
href="https://github.com/pypa/wheel/commit/6244f08bb92d7569da6c2fbea23de0846ad34ff3"><code>6244f08</code></a>
Update pre-commit ruff legacy alias (<a
href="https://redirect.github.com/pypa/wheel/issues/668">#668</a>)</li>
<li><a
href="https://github.com/pypa/wheel/commit/15b7577654e8bcd23e009c6bac036b65c11d8d8f"><code>15b7577</code></a>
PEP 639 compliance (<a
href="https://redirect.github.com/pypa/wheel/issues/670">#670</a>)</li>
<li><a
href="https://github.com/pypa/wheel/commit/fc8cb4163e4f48d86092cb2a16076f1b3efcd10f"><code>fc8cb41</code></a>
Revert &quot;Removed redundant Python version from the publish workflow
(<a
href="https://redirect.github.com/pypa/wheel/issues/666">#666</a>)&quot;</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/wheel/compare/0.46.0...0.46.2">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=wheel&package-manager=pip&previous-version=0.46.0&new-version=0.46.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 requirements/constraints.txt | 2 +-
 requirements/dev.txt         | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements/constraints.txt b/requirements/constraints.txt
index bdff40fd427..08eb6f05003 100644
--- a/requirements/constraints.txt
+++ b/requirements/constraints.txt
@@ -279,7 +279,7 @@ virtualenv==20.36.1
     # via pre-commit
 wait-for-it==2.3.0
     # via -r requirements/test-common.in
-wheel==0.46.0
+wheel==0.46.2
     # via pip-tools
 yarl==1.22.0
     # via -r requirements/runtime-deps.in
diff --git a/requirements/dev.txt b/requirements/dev.txt
index ea8bb7c7e8d..ae5a4464f0f 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -269,7 +269,7 @@ virtualenv==20.36.1
     # via pre-commit
 wait-for-it==2.3.0
     # via -r requirements/test-common.in
-wheel==0.46.0
+wheel==0.46.2
     # via pip-tools
 yarl==1.22.0
     # via -r requirements/runtime-deps.in

From 00cb121e6121e6851ca072eb61ef2c64620116bb Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 22 Jan 2026 11:01:16 +0000
Subject: [PATCH 2/2] Bump packaging from 25.0 to 26.0 (#11978)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps [packaging](https://github.com/pypa/packaging) from 25.0 to 26.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/packaging/releases">packaging's
releases</a>.</em></p>
<blockquote>
<h2>26.0</h2>
<p>Read about the performance improvements here: <a
href="https://iscinumpy.dev/post/packaging-faster">https://iscinumpy.dev/post/packaging-faster</a>.</p>
<h2>What's Changed</h2>
<p>Features:</p>
<ul>
<li>PEP 751: support pylock by <a
href="https://github.com/sbidoul"><code>@​sbidoul</code></a> in <a
href="https://redirect.github.com/pypa/packaging/pull/900">pypa/packaging#900</a></li>
<li>PEP 794: import name metadata by <a
href="https://github.com/brettcannon"><code>@​brettcannon</code></a> in
<a
href="https://redirect.github.com/pypa/packaging/pull/948">pypa/packaging#948</a></li>
<li>Support writing metadata by <a
href="https://github.com/henryiii"><code>@​henryiii</code></a> in <a
href="https://redirect.github.com/pypa/packaging/pull/846">pypa/packaging#846</a></li>
<li>Support <code>__replace__</code> for <code>Version</code> by <a
href="https://github.com/henryiii"><code>@​henryiii</code></a> in <a
href="https://redirect.github.com/pypa/packaging/pull/1003">pypa/packaging#1003</a></li>
<li>Support positional pattern matching for <code>Version</code> and
<code>Specifier</code> by <a
href="https://github.com/henryiii"><code>@​henryiii</code></a> in <a
href="https://redirect.github.com/pypa/packaging/pull/1004">pypa/packaging#1004</a></li>
</ul>
<p>Behavior adaptations:</p>
<ul>
<li>PEP 440 handling of prereleases for <code>Specifier.contains</code>,
<code>SpecifierSet.contains</code>, and <code>SpecifierSet.filter</code>
by <a
href="https://github.com/notatallshaw"><code>@​notatallshaw</code></a>
in <a
href="https://redirect.github.com/pypa/packaging/pull/897">pypa/packaging#897</a></li>
<li>Handle PEP 440 edge case in <code>SpecifierSet.filter</code> by <a
href="https://github.com/notatallshaw"><code>@​notatallshaw</code></a>
in <a
href="https://redirect.github.com/pypa/packaging/pull/942">pypa/packaging#942</a></li>
<li>Adjust arbitrary equality intersection preservation in
<code>SpecifierSet</code> by <a
href="https://github.com/notatallshaw"><code>@​notatallshaw</code></a>
in <a
href="https://redirect.github.com/pypa/packaging/pull/951">pypa/packaging#951</a></li>
<li>Return <code>False</code> instead of raising for
<code>.contains</code> with invalid version by <a
href="https://github.com/Liam-DeVoe"><code>@​Liam-DeVoe</code></a> in <a
href="https://redirect.github.com/pypa/packaging/pull/932">pypa/packaging#932</a></li>
<li>Support arbitrary equality on arbitrary strings for
<code>Specifier</code> and <code>SpecifierSet</code>'s
<code>filter</code> and <code>contains</code> method. by <a
href="https://github.com/notatallshaw"><code>@​notatallshaw</code></a>
in <a
href="https://redirect.github.com/pypa/packaging/pull/954">pypa/packaging#954</a></li>
<li>Only try to parse as <code>Version</code> on certain marker keys,
return <code>False</code> on unequal ordered comparsions by <a
href="https://github.com/JP-Ellis"><code>@​JP-Ellis</code></a> in <a
href="https://redirect.github.com/pypa/packaging/pull/939">pypa/packaging#939</a></li>
</ul>
<p>Fixes:</p>
<ul>
<li>Update <code>_hash</code> when unpickling <code>Tag()</code> by <a
href="https://github.com/dholth"><code>@​dholth</code></a> in <a
href="https://redirect.github.com/pypa/packaging/pull/860">pypa/packaging#860</a></li>
<li>Correct comment and simplify implicit prerelease handling in
<code>Specifier.prereleases</code> by <a
href="https://github.com/notatallshaw"><code>@​notatallshaw</code></a>
in <a
href="https://redirect.github.com/pypa/packaging/pull/896">pypa/packaging#896</a></li>
<li>Use explicit <code>_GLibCVersion</code> <code>NamedTuple</code> in
<code>_manylinux</code> by <a
href="https://github.com/cthoyt"><code>@​cthoyt</code></a> in <a
href="https://redirect.github.com/pypa/packaging/pull/868">pypa/packaging#868</a></li>
<li>Detect invalid license expressions containing <code>()</code> by <a
href="https://github.com/bwoodsend"><code>@​bwoodsend</code></a> in <a
href="https://redirect.github.com/pypa/packaging/pull/879">pypa/packaging#879</a></li>
<li>Correct regex for metadata <code>'name'</code> format by <a
href="https://github.com/di"><code>@​di</code></a> in <a
href="https://redirect.github.com/pypa/packaging/pull/925">pypa/packaging#925</a></li>
<li>Improve the message around expecting a semicolon by <a
href="https://github.com/pradyunsg"><code>@​pradyunsg</code></a> in <a
href="https://redirect.github.com/pypa/packaging/pull/833">pypa/packaging#833</a></li>
<li>Support nested parens in license expressions by <a
href="https://github.com/Liam-DeVoe"><code>@​Liam-DeVoe</code></a> in <a
href="https://redirect.github.com/pypa/packaging/pull/931">pypa/packaging#931</a></li>
<li>Add space before at symbol in <code>Requirements</code> string by <a
href="https://github.com/henryiii"><code>@​henryiii</code></a> in <a
href="https://redirect.github.com/pypa/packaging/pull/953">pypa/packaging#953</a></li>
<li>A root logger use found by ruff LOG, use <code>packaging</code>
logger instead by <a
href="https://github.com/henryiii"><code>@​henryiii</code></a> in <a
href="https://redirect.github.com/pypa/packaging/pull/965">pypa/packaging#965</a></li>
<li>Better support for subclassing <code>Marker</code> and
<code>Requirement</code> by <a
href="https://github.com/henryiii"><code>@​henryiii</code></a> in <a
href="https://redirect.github.com/pypa/packaging/pull/1022">pypa/packaging#1022</a></li>
<li>Normalize all extras, not just if it comes first by <a
href="https://github.com/henryiii"><code>@​henryiii</code></a> in <a
href="https://redirect.github.com/pypa/packaging/pull/1024">pypa/packaging#1024</a></li>
<li>Don't produce a broken repr if <code>Marker</code> fails to
construct by <a
href="https://github.com/henryiii"><code>@​henryiii</code></a> in <a
href="https://redirect.github.com/pypa/packaging/pull/1033">pypa/packaging#1033</a></li>
</ul>
<p>Performance:</p>
<ul>
<li>Avoid recompiling regexes in the tokenizer for a 3x speedup by <a
href="https://github.com/hauntsaninja"><code>@​hauntsaninja</code></a>
in <a
href="https://redirect.github.com/pypa/packaging/pull/1019">pypa/packaging#1019</a></li>
<li>Improve performance in <code>_manylinux.py</code> by <a
href="https://github.com/cthoyt"><code>@​cthoyt</code></a> in <a
href="https://redirect.github.com/pypa/packaging/pull/869">pypa/packaging#869</a></li>
<li>Minor cleanups to <code>Version</code> by <a
href="https://github.com/bearomorphism"><code>@​bearomorphism</code></a>
in <a
href="https://redirect.github.com/pypa/packaging/pull/913">pypa/packaging#913</a></li>
<li>Skip redundant creation of <code>Version</code>s in specifier
comparison by <a
href="https://github.com/notatallshaw"><code>@​notatallshaw</code></a>
in <a
href="https://redirect.github.com/pypa/packaging/pull/986">pypa/packaging#986</a></li>
<li>Cache <code>Specifier</code>'s Version by <a
href="https://github.com/notatallshaw"><code>@​notatallshaw</code></a>
in <a
href="https://redirect.github.com/pypa/packaging/pull/985">pypa/packaging#985</a></li>
<li>Make <code>Version</code> a little faster by <a
href="https://github.com/henryiii"><code>@​henryiii</code></a> in <a
href="https://redirect.github.com/pypa/packaging/pull/987">pypa/packaging#987</a></li>
<li>Minor <code>Version</code> regex cleanup by <a
href="https://github.com/henryiii"><code>@​henryiii</code></a> in <a
href="https://redirect.github.com/pypa/packaging/pull/990">pypa/packaging#990</a></li>
<li>Faster regex on Python 3.11.5+ by <a
href="https://github.com/henryiii"><code>@​henryiii</code></a> in <a
href="https://redirect.github.com/pypa/packaging/pull/988">pypa/packaging#988</a>
and <a
href="https://redirect.github.com/pypa/packaging/pull/1055">pypa/packaging#1055</a></li>
<li>Lazily calculate <code>_key</code> in <code>Version</code> by <a
href="https://github.com/notatallshaw"><code>@​notatallshaw</code></a>
in <a
href="https://redirect.github.com/pypa/packaging/pull/989">pypa/packaging#989</a>
and regression for <code>packaging_legacy</code> fixed by <a
href="https://github.com/henryiii"><code>@​henryiii</code></a> in <a
href="https://redirect.github.com/pypa/packaging/pull/1048">pypa/packaging#1048</a></li>
<li>Faster <code>canonicalize_version</code> by <a
href="https://github.com/henryiii"><code>@​henryiii</code></a> in <a
href="https://redirect.github.com/pypa/packaging/pull/993">pypa/packaging#993</a></li>
<li>Use <code>fullmatch</code> in a couple more places by <a
href="https://github.com/henryiii"><code>@​henryiii</code></a> in <a
href="https://redirect.github.com/pypa/packaging/pull/992">pypa/packaging#992</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/packaging/blob/main/CHANGELOG.rst">packaging's
changelog</a>.</em></p>
<blockquote>
<p>26.0 - 2026-01-20</p>
<pre><code>
Features:
<ul>
<li>PEP 751: support pylock (:pull:<code>900</code>)</li>
<li>PEP 794: import name metadata (:pull:<code>948</code>)</li>
<li>Support for writing metadata to a file (:pull:<code>846</code>)</li>
<li>Support <code>__replace__</code> on Version
(:pull:<code>1003</code>)</li>
<li>Support positional pattern matching for <code>Version</code> and
<code>SpecifierSet</code> (:pull:<code>1004</code>)</li>
</ul>
<p>Behavior adaptations:</p>
<ul>
<li>PEP 440 handling of prereleases for <code>Specifier.contains</code>,
<code>SpecifierSet.contains</code>, and <code>SpecifierSet.filter</code>
(:pull:<code>897</code>)</li>
<li>Handle PEP 440 edge case in <code>SpecifierSet.filter</code>
(:pull:<code>942</code>)</li>
<li>Adjust arbitrary equality intersection preservation in
<code>SpecifierSet</code> (:pull:<code>951</code>)</li>
<li>Return <code>False</code> instead of raising for
<code>.contains</code> with invalid version
(:pull:<code>932</code>)</li>
<li>Support arbitrary equality on arbitrary strings for
<code>Specifier</code> and <code>SpecifierSet</code>'s
<code>filter</code> and <code>contains</code> method.
(:pull:<code>954</code>)</li>
<li>Only try to parse as <code>Version</code> on certain marker keys,
return <code>False</code> on unequal ordered comparisons
(:pull:<code>939</code>)</li>
</ul>
<p>Fixes:</p>
<ul>
<li>Update <code>_hash</code> when unpickling <code>Tag()</code>
(:pull:<code>860</code>)</li>
<li>Correct comment and simplify implicit prerelease handling in
<code>Specifier.prereleases</code> (:pull:<code>896</code>)</li>
<li>Use explicit <code>_GLibCVersion</code> <code>NamedTuple</code> in
<code>_manylinux</code> (:pull:<code>868</code>)</li>
<li>Detect invalid license expressions containing <code>()</code>
(:pull:<code>879</code>)</li>
<li>Correct regex for metadata <code>'name'</code> format
(:pull:<code>925</code>)</li>
<li>Improve the message around expecting a semicolon
(:pull:<code>833</code>)</li>
<li>Support nested parens in license expressions
(:pull:<code>931</code>)</li>
<li>Add space before at symbol in <code>Requirements</code> string
(:pull:<code>953</code>)</li>
<li>A root logger use found, use a <code>packaging</code> logger instead
(:pull:<code>965</code>)</li>
<li>Better support for subclassing <code>Marker</code> and
<code>Requirement</code> (:pull:<code>1022</code>)</li>
<li>Normalize all extras, not just if it comes first
(:pull:<code>1024</code>)</li>
<li>Don't produce a broken repr if <code>Marker</code> fails to
construct (:pull:<code>1033</code>)</li>
</ul>
<p>Performance:</p>
<ul>
<li>Avoid recompiling regexes in the tokenizer for a 3x speedup
(:pull:<code>1019</code>)</li>
<li>Improve performance in <code>_manylinux.py</code>
(:pull:<code>869</code>)</li>
<li>Minor cleanups to <code>Version</code> (:pull:<code>913</code>)</li>
<li>Skip redundant creation of <code>Version</code>'s in specifier
comparison (:pull:<code>986</code>)</li>
<li>Cache the <code>Specifier</code>'s <code>Version</code>
(:pull:<code>985</code>)</li>
<li>Make <code>Version</code> a little faster
(:pull:<code>987</code>)</li>
<li>Minor <code>Version</code> regex cleanup
(:pull:<code>990</code>)</li>
<li>Faster regex on Python 3.11.5+ for <code>Version</code>
(:pull:<code>988</code>, :pull:<code>1055</code>)</li>
<li>Lazily calculate <code>_key</code> in <code>Version</code>
(:pull:<code>989</code>, :pull:<code>1048</code>)</li>
<li>Faster <code>canonicalize_version</code>
(:pull:<code>993</code>)</li>
<li>Use <code>re.fullmatch</code> in a couple more places
(:pull:<code>992</code>, :pull:<code>1029</code>)</li>
<li>Use <code>map</code> instead of generator
(:pull:<code>996</code>)</li>
<li>Deprecate <code>._version</code> (<code>_Version</code>, a
<code>NamedTuple</code>) (:pull:<code>995</code>,
:pull:<code>1062</code>)<br />
&lt;/tr&gt;&lt;/table&gt;<br />
</code></pre></li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/packaging/commit/3b77a26f5a27473ad3b08194d773f325d018a2d0"><code>3b77a26</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/packaging/commit/31371cce593d2bde0dd8c436ecfb7d53cb91cfb6"><code>31371cc</code></a>
docs: prepare for 26.0 final (<a
href="https://redirect.github.com/pypa/packaging/issues/1063">#1063</a>)</li>
<li><a
href="https://github.com/pypa/packaging/commit/9627a8821f09e4c55cd6e9daadb617b67c4741c2"><code>9627a88</code></a>
perf: dual replace (<a
href="https://redirect.github.com/pypa/packaging/issues/1064">#1064</a>)</li>
<li><a
href="https://github.com/pypa/packaging/commit/d5398b8bc19f3fad7b035ceb83023caf06d6e2da"><code>d5398b8</code></a>
fix: restore ._version as a compat shim (<a
href="https://redirect.github.com/pypa/packaging/issues/1062">#1062</a>)</li>
<li><a
href="https://github.com/pypa/packaging/commit/3a7b600a126d237b2ad3cd7e25d2cb5c176276af"><code>3a7b600</code></a>
Bump for development</li>
<li><a
href="https://github.com/pypa/packaging/commit/d4eefdccf992e963c48011875301d93df6a7f2cc"><code>d4eefdc</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/packaging/commit/46189124fb43d8989d370902c80ab156eb83a45d"><code>4618912</code></a>
docs: prepare for 26.0rc3 (<a
href="https://redirect.github.com/pypa/packaging/issues/1060">#1060</a>)</li>
<li><a
href="https://github.com/pypa/packaging/commit/0cf1b41b4b321ae08cad7d3e49cfaff5578fe813"><code>0cf1b41</code></a>
ci: test on first public release of CPythons (<a
href="https://redirect.github.com/pypa/packaging/issues/1056">#1056</a>)</li>
<li><a
href="https://github.com/pypa/packaging/commit/716beb1c0a5d7a398bf57fbd80bc2501811e616b"><code>716beb1</code></a>
perf: 10% faster stripping zeros (<a
href="https://redirect.github.com/pypa/packaging/issues/1058">#1058</a>)</li>
<li><a
href="https://github.com/pypa/packaging/commit/350a2306700b738f487f251efa278f532b263dee"><code>350a230</code></a>
fix: support CPython 3.11.0-3.11.4 and older PyPy3.11 (<a
href="https://redirect.github.com/pypa/packaging/issues/1055">#1055</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/packaging/compare/25.0...26.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=packaging&package-manager=pip&previous-version=25.0&new-version=26.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 requirements/base-ft.txt      |  2 +-
 requirements/base.txt         |  2 +-
 requirements/constraints.txt  |  2 +-
 requirements/dev.txt          |  2 +-
 requirements/doc-spelling.txt | 12 ++++++------
 requirements/doc.txt          | 10 +++++-----
 requirements/lint.txt         |  2 +-
 requirements/test-common.txt  |  2 +-
 requirements/test-ft.txt      |  2 +-
 requirements/test.txt         |  2 +-
 10 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/requirements/base-ft.txt b/requirements/base-ft.txt
index f702a7cf0bd..5eea5e363c9 100644
--- a/requirements/base-ft.txt
+++ b/requirements/base-ft.txt
@@ -30,7 +30,7 @@ multidict==6.7.0
     # via
     #   -r requirements/runtime-deps.in
     #   yarl
-packaging==25.0
+packaging==26.0
     # via gunicorn
 propcache==0.4.1
     # via
diff --git a/requirements/base.txt b/requirements/base.txt
index 94528a3f74a..83b0243fc07 100644
--- a/requirements/base.txt
+++ b/requirements/base.txt
@@ -30,7 +30,7 @@ multidict==6.7.0
     # via
     #   -r requirements/runtime-deps.in
     #   yarl
-packaging==25.0
+packaging==26.0
     # via gunicorn
 propcache==0.4.1
     # via
diff --git a/requirements/constraints.txt b/requirements/constraints.txt
index 08eb6f05003..ab3d0042d59 100644
--- a/requirements/constraints.txt
+++ b/requirements/constraints.txt
@@ -123,7 +123,7 @@ mypy-extensions==1.1.0
     # via mypy
 nodeenv==1.10.0
     # via pre-commit
-packaging==25.0
+packaging==26.0
     # via
     #   build
     #   gunicorn
diff --git a/requirements/dev.txt b/requirements/dev.txt
index ae5a4464f0f..1f4478aa497 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -120,7 +120,7 @@ mypy-extensions==1.1.0
     # via mypy
 nodeenv==1.10.0
     # via pre-commit
-packaging==25.0
+packaging==26.0
     # via
     #   build
     #   gunicorn
diff --git a/requirements/doc-spelling.txt b/requirements/doc-spelling.txt
index e78b5d2df62..c4afb0014f1 100644
--- a/requirements/doc-spelling.txt
+++ b/requirements/doc-spelling.txt
@@ -5,7 +5,7 @@
 #    pip-compile --allow-unsafe --output-file=requirements/doc-spelling.txt --strip-extras requirements/doc-spelling.in
 #
 aiohttp-theme==0.1.7
-    # via -r doc.in
+    # via -r requirements/doc.in
 alabaster==1.0.0
     # via sphinx
 babel==2.17.0
@@ -28,7 +28,7 @@ jinja2==3.1.6
     #   towncrier
 markupsafe==3.0.3
     # via jinja2
-packaging==25.0
+packaging==26.0
     # via sphinx
 pyenchant==3.3.0
     # via sphinxcontrib-spelling
@@ -42,7 +42,7 @@ snowballstemmer==3.0.1
     # via sphinx
 sphinx==8.1.3
     # via
-    #   -r doc.in
+    #   -r requirements/doc.in
     #   sphinxcontrib-spelling
     #   sphinxcontrib-towncrier
 sphinxcontrib-applehelp==2.0.0
@@ -58,16 +58,16 @@ sphinxcontrib-qthelp==2.0.0
 sphinxcontrib-serializinghtml==2.0.0
     # via sphinx
 sphinxcontrib-spelling==8.0.2 ; platform_system != "Windows"
-    # via -r doc-spelling.in
+    # via -r requirements/doc-spelling.in
 sphinxcontrib-towncrier==0.5.0a0
-    # via -r doc.in
+    # via -r requirements/doc.in
 tomli==2.3.0
     # via
     #   sphinx
     #   towncrier
 towncrier==25.8.0
     # via
-    #   -r doc.in
+    #   -r requirements/doc.in
     #   sphinxcontrib-towncrier
 urllib3==2.6.3
     # via requests
diff --git a/requirements/doc.txt b/requirements/doc.txt
index cf3baf2019d..5f393559337 100644
--- a/requirements/doc.txt
+++ b/requirements/doc.txt
@@ -5,7 +5,7 @@
 #    pip-compile --allow-unsafe --output-file=requirements/doc.txt --resolver=backtracking --strip-extras requirements/doc.in
 #
 aiohttp-theme==0.1.7
-    # via -r doc.in
+    # via -r requirements/doc.in
 alabaster==1.0.0
     # via sphinx
 babel==2.17.0
@@ -28,7 +28,7 @@ jinja2==3.1.6
     #   towncrier
 markupsafe==3.0.3
     # via jinja2
-packaging==25.0
+packaging==26.0
     # via sphinx
 pygments==2.19.2
     # via sphinx
@@ -38,7 +38,7 @@ snowballstemmer==3.0.1
     # via sphinx
 sphinx==8.1.3
     # via
-    #   -r doc.in
+    #   -r requirements/doc.in
     #   sphinxcontrib-towncrier
 sphinxcontrib-applehelp==2.0.0
     # via sphinx
@@ -53,14 +53,14 @@ sphinxcontrib-qthelp==2.0.0
 sphinxcontrib-serializinghtml==2.0.0
     # via sphinx
 sphinxcontrib-towncrier==0.5.0a0
-    # via -r doc.in
+    # via -r requirements/doc.in
 tomli==2.3.0
     # via
     #   sphinx
     #   towncrier
 towncrier==25.8.0
     # via
-    #   -r doc.in
+    #   -r requirements/doc.in
     #   sphinxcontrib-towncrier
 urllib3==2.6.3
     # via requests
diff --git a/requirements/lint.txt b/requirements/lint.txt
index 0d69846f5a3..92acb79dd21 100644
--- a/requirements/lint.txt
+++ b/requirements/lint.txt
@@ -55,7 +55,7 @@ mypy-extensions==1.1.0
     # via mypy
 nodeenv==1.10.0
     # via pre-commit
-packaging==25.0
+packaging==26.0
     # via pytest
 pathspec==1.0.3
     # via mypy
diff --git a/requirements/test-common.txt b/requirements/test-common.txt
index 82f918dfcd1..f79871331d0 100644
--- a/requirements/test-common.txt
+++ b/requirements/test-common.txt
@@ -44,7 +44,7 @@ mypy==1.19.1 ; implementation_name == "cpython"
     # via -r requirements/test-common.in
 mypy-extensions==1.1.0
     # via mypy
-packaging==25.0
+packaging==26.0
     # via pytest
 pathspec==1.0.3
     # via mypy
diff --git a/requirements/test-ft.txt b/requirements/test-ft.txt
index 256cbfc67bd..ba5086237d4 100644
--- a/requirements/test-ft.txt
+++ b/requirements/test-ft.txt
@@ -69,7 +69,7 @@ mypy==1.19.1 ; implementation_name == "cpython"
     # via -r requirements/test-common.in
 mypy-extensions==1.1.0
     # via mypy
-packaging==25.0
+packaging==26.0
     # via
     #   gunicorn
     #   pytest
diff --git a/requirements/test.txt b/requirements/test.txt
index ccfd31e8cc5..2dec33bc0bf 100644
--- a/requirements/test.txt
+++ b/requirements/test.txt
@@ -69,7 +69,7 @@ mypy==1.19.1 ; implementation_name == "cpython"
     # via -r requirements/test-common.in
 mypy-extensions==1.1.0
     # via mypy
-packaging==25.0
+packaging==26.0
     # via
     #   gunicorn
     #   pytest