Update dependencies for 2026.1

[SaschaCowley]

Link to issue number:

Most of the work for #18681

Summary of the issue:

NVDA has a number of dependencies that should be updated.

Description of user facing changes:

None known

Description of developer facing changes:

Dependencies have been updated

Six is no longer transitively included in NVDA

Description of development approach:

Update package versions in pyproject.toml, checking each dependency's release notes for breaking changes that may effect us.

Removed a few straggling dependencies on six. Given we're now on Python 3.13, we really don't need a python 2 compatibility module any more. Plus, we were relying on it while only getting it transitively.

Did not update sphinx or sphinx_rtd_theme, as these dependencies are only used for building API docs, which is currently broken.

Did not update ISimpleDOM, as this seems like it may be a non-trivial change.

Updating eSpeak-ng, CLDR, liblouis should be done in a separate commit.

• comtypes
• cryptography
• wxPython
• configobj
• requests
• url-normalize
• pycaw
• nh3
• crowdin-api-client
• Markdown
• lxml
• pymdown-extensions
• onnxruntime
• numpy
• setuptools
• robotframework
• onnx
• The following packages are already up to date:
  • schedule
  • pyserial
  • fast-diff-match-patch
  • mdx_truly_sane_lists
  • markdown-link-attr-modifier
  • mdx-gh-links
  • SCons
  • py2exe
  • pyyaml
  • robotremoteserver
  • robotframework-screencaplibrary
  • unittest-xml-reporting
  • parameterized

Update each submodule, performing required steps in the repo first, as required.

• ia2
• sonic
• w3c-aria-practices
• wil
• The following dependencies were already up to date:
  • Adobe Acrobat Access (miscDeps)
  • nsis

Testing strategy:

System and unit tests,plus general usage as smoke test.

Tested Remote Access using a self-hosted server and nvdaremote.com.

Tested using OneCore and eSpeak with rate boost enabled

Known issues with pull request:

None

Code Review Checklist:

• Documentation:
  • Change log entry
  • User Documentation
  • Developer / Technical Documentation
  • Context sensitive help for GUI changes
• Testing:
  • Unit tests
  • System (end to end) tests
  • Manual testing
• UX of all users considered:
  • Speech
  • Braille
  • Low Vision
  • Different web browsers
  • Localization in other languages / culture than English
• API is compatible with existing add-ons.
• Security precautions taken.

[bramd]

@SaschaCowley You are missing a space after "Closes" in the description, now the related issue is not linked.

Have you considered configuring something like Dependabot to automate PRs for version updates? This could at least work for Python dependencies, submodules would still need to be done manually.

[SaschaCowley]

You are missing a space after "Closes" in the description, now the related issue is not linked.

Thanks, fixed!

Have you considered configuring something like Dependabot to automate PRs for version updates? This could at least work for Python dependencies, submodules would still need to be done manually.

I haven't looked into it in any detail, no. I'm not sure how well it would work for us, given we currently document dependency updates in the change log. It's definitely something to look into though,thanks for the suggestion.

[SaschaCowley]

@bramd apologies for editing your comment rather than replying to it. Clearly I need to pay closer attention to what I'm doing.