chore(deps): update python-nonmajor

[renovate-bot]

This PR contains the following updates:

Package	Change	Age	Confidence
PyMySQL (changelog)	==1.1.2 → ==1.1.3
certifi	==2026.2.25 → ==2026.4.22
filelock	==3.28.0 → ==3.29.0
google-auth	==2.49.2 → ==2.50.0
idna (changelog)	==3.11 → ==3.13
packaging	==26.1 → ==26.2
virtualenv	==21.2.4 → ==21.3.0

---

Release Notes

PyMySQL/PyMySQL (PyMySQL)

v1.1.3

Compare Source

Release date: 2026-05-01

Security

• Fix Cursor.callproc() didn't escape procedure name. (#​1206)
  There was a possibility of SQL injection when calling a procedure with a string received from an untrusted source as the procedure name.

  NOTICE: This change may cause backward compatibility issues. If you specified a procedure name like "dbname.funcname", the previous version called CALL dbname.funcname, but from this version, it will call CALL `dbname.funcname` so you cannot specify procedure name with database name anymore.

certifi/python-certifi (certifi)

v2026.4.22

Compare Source

tox-dev/py-filelock (filelock)

v3.29.0

Compare Source

What's Changed

• 🐛 fix(async): use single-thread executor for lock consistency by @​gaborbernat in tox-dev/filelock#533
• ✨ feat(soft): enable stale lock detection on Windows by @​gaborbernat in tox-dev/filelock#534

Full Changelog: tox-dev/filelock@3.28.0...3.29.0

kjd/idna (idna)

v3.13

Compare Source

v3.12

Compare Source

pypa/packaging (packaging)

v26.2

Compare Source

What's Changed

Fixes:

• Fix incorrect sysconfig var name for pyemscripten by @​ryanking13 in #​1160
• Make Version, Specifier, SpecifierSet, Tag, Marker, and Requirement pickle-safe
  and backward-compatible with pickles created in 25.0-26.1 (including references to the removed
  packaging._structures module) by @​eachimei and @​henryiii in #​1163, #​1168, #​1170, and #​1171
• fix: re-export ExceptionGroup for now by @​henryiii in #​1164

Documentation:

• docs: add errors section and fix missing details by @​henryiii in #​1159
• docs(dev): document property-based test suite by @​r266-tech in #​1167
• Fix typo in DirectUrl documentation by @​sbidoul in #​1169
• docs(specifiers): add is_unsatisfiable() usage example by @​r266-tech in #​1166

Internal:

• Enable the auditor persona on zizmor by @​henryiii in #​1158
• Test new pickle guarantees by @​henryiii in #​1174
• Use native uv integration in rtd by @​henryiii in #​1175

New Contributors

• @​ryanking13 made their first contribution in #​1160
• @​eachimei made their first contribution in #​1163

Full Changelog: pypa/packaging@26.1...26.2

pypa/virtualenv (virtualenv)

v21.3.0

Compare Source

What's Changed

• 🐛 fix(type): stop ty flagging default_source on Action by @​gaborbernat in #​3124
• feat: Reintroduce xonsh shell support by @​anki-code in #​3125
• 🐛 fix(test): prevent PowerShell activation test from crashing xdist workers on Windows by @​gaborbernat in #​3128
• docs: Add usage instruction for Xonsh activation by @​anki-code in #​3130
• Upgrade embedded pip/setuptools/wheel by @​github-actions[bot] in #​3132

New Contributors

• @​anki-code made their first contribution in #​3125

Full Changelog: pypa/virtualenv@21.2.4...21.3.0

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[dpebot]

/gcbrun

[dpebot]

/gcbrun

[dpebot]

/gcbrun

[dpebot]

/gcbrun

[dpebot]

/gcbrun

[dpebot]

/gcbrun

[dpebot]

/gcbrun