Skip to content

chore(deps-dev): bump wrapt from 2.2.0 to 2.2.1#1517

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/wrapt-2.2.1
Closed

chore(deps-dev): bump wrapt from 2.2.0 to 2.2.1#1517
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/wrapt-2.2.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 3, 2026

Copy link
Copy Markdown
Contributor

Bumps wrapt from 2.2.0 to 2.2.1.

Release notes

Sourced from wrapt's releases.

wrapt 2.2.1

Full release notes: https://wrapt.readthedocs.io/en/latest/changes.html#version-2-2-1

Install from PyPi (recommended):

pip install wrapt==2.2.1

PyPi uploads follow each GitHub release; if pip reports the version is unavailable, the matching PyPi upload may not have happened yet.

Pre-built wheels are provided for a range of Python versions and platforms (Linux x86_64/aarch64/riscv64, macOS x86_64 and arm64, Windows x86_64 and arm64, plus PyPy and free-threaded builds). The source distribution is also attached together with SHA256SUMS for verification.

wrapt 2.2.1rc1

Release candidate. Release notes for the upcoming 2.2.1 final (work in progress): https://wrapt.readthedocs.io/en/latest/changes.html#version-2-2-1

May be installable from PyPi:

pip install wrapt==2.2.1rc1

If pip reports the version is unavailable, this candidate either has not been uploaded yet or is not being published to PyPi. Use the attached wheels or build from the source distribution instead:

tar xf wrapt-2.2.1rc1.tar.gz
cd wrapt-2.2.1rc1
pip install .

SHA256SUMS is attached for verification of the archives.

Changelog

Sourced from wrapt's changelog.

Version 2.2.1

Bugs Fixed

  • Reverted the change in 2.2.0 which had aligned the C implementation of FunctionWrapper.__get__ with the pure Python implementation by substituting Py_None for NULL before invoking the wrapped descriptor's __get__ slot. The change was based on a misreading of what the pure Python path does once it crosses back into C. The pure Python path calls self.__wrapped__.__get__(None, owner) from Python, and for any built-in descriptor that call is dispatched through the __get__ slot wrapper inside CPython, which converts Py_None back to NULL before the wrapped descriptor's tp_descr_get is invoked. The pre 2.2.0 C path called tp_descr_get directly with obj as received, which is NULL on class access, so it was already producing the same value the Python path produces after the slot wrapper's Py_None to NULL conversion. Substituting Py_None for NULL before tp_descr_get was called caused the wrapped descriptor to see a value it would never see during ordinary class attribute lookup. Native CPython descriptors other than func_descr_get fast path on obj == NULL and return the descriptor unchanged. With Py_None substituted in they fall through to a type check against the owner type of the descriptor, and NoneType does not satisfy that check, so a TypeError is raised. This broke class attribute access for any built-in or C extension descriptor (method_descriptor, wrapper_descriptor, getset_descriptor, member_descriptor) wrapped by @wrapt.decorator or @wrapt.function_wrapper. The failure mode is most likely to show up in instrumentation libraries that monkey patch built-in methods onto classes and where some inspection or binding step then accesses the wrapped attribute through the class. The existing test suite did not catch the regression because all wrappers in the test suite are applied to pure Python functions, whose func_descr_get slot treats NULL and Py_None equivalently. A new regression test has been added which wraps a method_descriptor and exercises class attribute access, so the missing coverage of non-function descriptors is now in place. With thanks to brettlangdon <https://github.com/brettlangdon>_ for reporting the regression and identifying the underlying cause.
Commits
  • 787db02 Merge branch 'release/2.2.1'
  • da8f21f Update to 2.2.1 for final release.
  • d89dce9 Skip CPython specific descriptor tests on PyPy.
  • 86f4e0e Go with 2.2.1rc1 instead of 2.2.1.dev1.
  • 94bd940 Run descriptor get tests against both implementations.
  • 00541d5 Merge branch 'develop' of github.com:GrahamDumpleton/wrapt into develop
  • daddcfe Merge pull request #341 from brettlangdon/brettlangdon/descriptor.tests
  • 0583a12 Revert Py_None substitution in C FunctionWrapper.get.
  • f8d4a2e Add test coverage for native descriptors
  • 0dbbba1 Update to 2.2.1.dev1 to test fixes.
  • Additional commits viewable in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

Bumps [wrapt](https://github.com/GrahamDumpleton/wrapt) from 2.2.0 to 2.2.1.
- [Release notes](https://github.com/GrahamDumpleton/wrapt/releases)
- [Changelog](https://github.com/GrahamDumpleton/wrapt/blob/develop/docs/changes.rst)
- [Commits](GrahamDumpleton/wrapt@2.2.0...2.2.1)

---
updated-dependencies:
- dependency-name: wrapt
  dependency-version: 2.2.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Jun 3, 2026
@dependabot dependabot Bot requested a review from a team as a code owner June 3, 2026 22:26
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Jun 3, 2026
@github-actions github-actions Bot enabled auto-merge June 3, 2026 22:26
gavinbarron pushed a commit that referenced this pull request Jul 9, 2026
* chore(deps): consolidate open dependabot dependency updates

Combines the 13 open dependabot PRs into a single update.

requirements-dev.txt:
- aiohttp: 3.13.5 -> 3.14.1 (#1530; supersedes #1521 -> 3.14.0)
- astroid: 4.0.2 -> 4.1.2 (pylint group #1529)
- pylint: 4.0.5 -> 4.0.6 (pylint group #1529)
- click: 8.1.8 -> 8.4.1 (#1519)
- cryptography: 46.0.7 -> 48.0.1 (#1531)
- docutils: 0.22.4 -> 0.23 (#1522)
- microsoft-kiota-*: 1.10.1 -> 1.10.2 (kiota group #1516)
- msal: 1.36.0 -> 1.37.0 (#1523)
- opentelemetry-api/sdk: 1.42.0 -> 1.42.1 (open-telemetry group #1515)
- opentelemetry-semantic-conventions: 0.63b0 -> 0.63b1 (#1515)
- platformdirs: 4.9.6 -> 4.10.0 (#1518)
- PyJWT: 2.12.1 -> 2.13.0 (#1520)
- wrapt: 2.2.0 -> 2.2.1 (#1517)

GitHub Actions:
- actions/checkout: v6 -> v7 (#1532)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix(deps): pin astroid 4.0.4 to satisfy pylint 4.0.6 constraint

pylint 4.0.6 requires astroid<=4.1.dev0,>=4.0.2, so astroid 4.1.2 caused a
ResolutionImpossible error. Downgrade to 4.0.4 (latest 4.0.x) to fix CI.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* chore(deps): exclude pylint group entirely (astroid/pylint)

Group PRs are all-or-nothing. Dependabot's pylint group pairs astroid 4.1.2
with pylint 4.0.6, but pylint 4.0.6 requires astroid<=4.1.dev0, so the pair
is unresolvable. Rather than partially apply the group with an astroid
workaround, leave the whole group out (astroid/pylint stay at main values)
so it remains a clean standalone Dependabot PR.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

This pull request has conflicting changes, the author must resolve the conflicts before this pull request can be merged.

@dependabot @github

dependabot Bot commented on behalf of github Jul 10, 2026

Copy link
Copy Markdown
Contributor Author

Superseded by #1540.

@dependabot dependabot Bot closed this Jul 10, 2026
auto-merge was automatically disabled July 10, 2026 05:13

Pull request was closed

@dependabot dependabot Bot deleted the dependabot/pip/wrapt-2.2.1 branch July 10, 2026 05:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

conflicting dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants