Skip to content

Bump geopy from 2.4.1 to 2.5.0 in the python-minor-and-patch group#35

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/python-minor-and-patch-edc9570c90
Open

Bump geopy from 2.4.1 to 2.5.0 in the python-minor-and-patch group#35
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/python-minor-and-patch-edc9570c90

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 14, 2026

Copy link
Copy Markdown
Contributor

Bumps the python-minor-and-patch group with 1 update: geopy.

Updates geopy from 2.4.1 to 2.5.0

Release notes

Sourced from geopy's releases.

2.5.0

Security Advisory

GitHub Security advisory: GHSA-mhvh-fq92-pfmr.

Regular Expression Denial of Service (ReDoS) in geopy.Point: geopy.Point.from_string may take excessive CPU time when parsing long, malformed coordinate strings due to inefficient regular-expression behavior.

The numeric geopy.Point constructor is not affected.

Geocoders' reverse methods called with string inputs exercise the vulnerable path.

Reported by Younghun Lee in #608, fix contributed by Apoorv Darshan in #610.

The fix rejects any inputs longer than 256 chars unconditionally, which may start falsely rejecting previously valid Point strings with long irrelevant prefixes.

Bugfixes

  • .Geocodio: fix GeocoderQueryError being raised for empty results.
  • .GoogleV3: fix utcnow deprecation warnings.

Packaging Changes

  • Drop support for Python 3.7.
  • Add support for Python 3.13, 3.14, and 3.15.
  • Migrate build metadata from setup.py to setup.cfg. Remove download_url from the metadata. Contributed by Mike Taves. #535
  • Replace distutils with packaging in tests (fixes Python 3.12+).

Code Improvements

  • Remove Python 2 relics. Contributed by Miroslav Šedivý. #552

Test Improvements

  • Fix applying pytest marks to fixtures (pytest >= 9.1 compatibility). Contributed by Tomáš Hrnčiar. #609
  • Fix unclosed event loop warning in tests.
  • Fix pytest classmethod warning.
  • .Nominatim: fix test_reverse_near_zero which was failing due to locale-specific response formatting. Contributed by Alfredo Tupone. #606

Docs Improvements

... (truncated)

Changelog

Sourced from geopy's changelog.

2.5.0

2026-07-12

Security Advisory


GitHub Security advisory: :ghsa:`mhvh-fq92-pfmr`.

Regular Expression Denial of Service (ReDoS) in :class:.Point:
:meth:.Point.from_string may take excessive CPU time when parsing long,
malformed coordinate strings due to inefficient regular-expression behavior.

The numeric :class:.Point constructor is not affected.

Geocoders' reverse methods called with string inputs exercise the vulnerable path.

Reported by Younghun Lee in :issue:608,
fix contributed by Apoorv Darshan in :issue:610.

The fix rejects any inputs longer than 256 chars unconditionally,
which may start falsely rejecting previously valid Point strings
with long irrelevant prefixes.

Bugfixes


- :class:`.Geocodio`: fix ``GeocoderQueryError`` being raised for empty results.
- :class:`.GoogleV3`: fix ``utcnow`` deprecation warnings.

Packaging Changes
</code></pre>
<ul>
<li>Drop support for Python 3.7.</li>
<li>Add support for Python 3.13, 3.14, and 3.15.</li>
<li>Migrate build metadata from <code>setup.py</code> to <code>setup.cfg</code>.
Remove <code>download_url</code> from the metadata.
Contributed by Mike Taves. (:issue:<code>535</code>)</li>
<li>Replace <code>distutils</code> with <code>packaging</code> in tests (fixes Python 3.12+).</li>
</ul>
<p>Code Improvements</p>
<pre><code>

  • Remove Python 2 relics.
    Contributed by Miroslav Šedivý. (:issue:552)

Test Improvements
</code></pre>
<ul>
<li>Fix applying pytest marks to fixtures (pytest &gt;= 9.1 compatibility).</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>

<ul>
<li><a href="https://github.com/geopy/geopy/commit/402cbba8b093e5e3f89c81b902f576d65608a123&quot;&gt;&lt;code&gt;402cbba&lt;/code&gt;&lt;/a> 2.5.0</li>
<li><a href="https://github.com/geopy/geopy/commit/f8c0dbd0c40db381e3eb906cc3428e04d33b19c4&quot;&gt;&lt;code&gt;f8c0dbd&lt;/code&gt;&lt;/a> Makefile: fix make dist broken after 9af8380</li>
<li><a href="https://github.com/geopy/geopy/commit/46c9eef67abbe10857cfe651b77fc1e33f5637c1&quot;&gt;&lt;code&gt;46c9eef&lt;/code&gt;&lt;/a> Add versionchanged</li>
<li><a href="https://github.com/geopy/geopy/commit/160aec2567168eaec8b78bc6c55125f6cf669246&quot;&gt;&lt;code&gt;160aec2&lt;/code&gt;&lt;/a> Update changelog</li>
<li><a href="https://github.com/geopy/geopy/commit/106ff54eafe7ecc5966938ed07705a883882c475&quot;&gt;&lt;code&gt;106ff54&lt;/code&gt;&lt;/a> AUTHORS: update an email per user's request</li>
<li><a href="https://github.com/geopy/geopy/commit/f35e84ec387671f263099f59a56844c0fe217d51&quot;&gt;&lt;code&gt;f35e84e&lt;/code&gt;&lt;/a> Pull up AUTHORS</li>
<li><a href="https://github.com/geopy/geopy/commit/2c3df74a4af3c4499e0b4b44b45c9c86dd3be8ac&quot;&gt;&lt;code&gt;2c3df74&lt;/code&gt;&lt;/a> Improve English grammar</li>
<li><a href="https://github.com/geopy/geopy/commit/7f176f08cc018a726b795e5ed9f2ab76ab5005a8&quot;&gt;&lt;code&gt;7f176f0&lt;/code&gt;&lt;/a> tests: fix pytest error in 3.13+ caused by ce21fb7</li>
<li><a href="https://github.com/geopy/geopy/commit/547eb9b72fa22a4c8dea09098d2b207bc4e94be9&quot;&gt;&lt;code&gt;547eb9b&lt;/code&gt;&lt;/a> Geocodio: fix GeocoderQueryError being raised for empty result</li>
<li><a href="https://github.com/geopy/geopy/commit/fbca44f4361e2eb05e1232092ccc4860e02f6c7f&quot;&gt;&lt;code&gt;fbca44f&lt;/code&gt;&lt;/a> GoogleV3: fix utcnow deprecation warnings</li>
<li>Additional commits viewable in <a href="https://github.com/geopy/geopy/compare/2.4.1...2.5.0&quot;&gt;compare view</a></li>
</ul>
</details>

<br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the python-minor-and-patch group with 1 update: [geopy](https://github.com/geopy/geopy).


Updates `geopy` from 2.4.1 to 2.5.0
- [Release notes](https://github.com/geopy/geopy/releases)
- [Changelog](https://github.com/geopy/geopy/blob/master/docs/changelog_2xx.rst)
- [Commits](geopy/geopy@2.4.1...2.5.0)

---
updated-dependencies:
- dependency-name: geopy
  dependency-version: 2.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Jul 14, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants