chore(deps): bump the all group across 1 directory with 15 updates

[dependabot]

Bumps the all group with 15 updates in the / directory:

Package	From	To
click	8.1.8	8.3.1
copier	9.10.1	9.11.0
tomli	2.2.1	2.3.0
python-dotenv	1.1.1	1.2.1
keyring	25.6.0	25.7.0
algokit-utils	4.1.0	4.2.2
requests	2.32.4	2.32.5
prompt-toolkit	3.0.51	3.0.52
pyinstaller	6.14.2	6.17.0
ruff	0.12.2	0.14.8
pip-audit	2.9.0	2.10.0
pytest-mock	3.14.1	3.15.1
mypy	1.16.1	1.19.0
poethepoet	0.36.0	0.38.0
pytest-sugar	1.0.0	1.1.1

Updates click from 8.1.8 to 8.3.1

Release notes

Sourced from click's releases.

8.3.1

This is the Click 8.3.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/click/8.3.1/ Changes: https://click.palletsprojects.com/page/changes/#version-8-3-1 Milestone: https://github.com/pallets/click/milestone/28

• Don't discard pager arguments by correctly using subprocess.Popen. #3039 #3055
• Replace Sentinel.UNSET default values by None as they're passed through the Context.invoke() method. #3066 #3065 #3068
• Fix conversion of Sentinel.UNSET happening too early, which caused incorrect behavior for multiple parameters using the same name. #3071 #3079
• Fix rendering when prompt and confirm parameter prompt_suffix is empty. #3019 #3021
• When Sentinel.UNSET is found during parsing, it will skip calls to type_cast_value. #3069 #3090
• Hide Sentinel.UNSET values as None when looking up for other parameters through the context inside parameter callbacks. #3136 #3137

8.3.0

This is the Click 8.3.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecation, or introduce potentially breaking changes.

We encourage everyone to upgrade. You can read more about our Version Support Policy on our website.

PyPI: https://pypi.org/project/click/8.3.0/ Changes: https://click.palletsprojects.com/page/changes/#version-8-3-0 Milestone https://github.com/pallets/click/milestone/27

• Improved flag option handling: Reworked the relationship between flag_value and default parameters for better consistency:

  • The default parameter value is now preserved as-is and passed directly to CLI functions (no more unexpected transformations)
  • Exception: flag options with default=True maintain backward compatibility by defaulting to their flag_value
  • The default parameter can now be any type (bool, None, etc.)
  • Fixes inconsistencies reported in: #1992 #2514 #2610 #3024 #3030

• Allow default to be set on Argument for nargs = -1. #2164 #3030

• Show correct auto complete value for nargs option in combination with flag option #2813

• Show correct auto complete value for nargs option in combination with flag option #2813

• Fix handling of quoted and escaped parameters in Fish autocompletion. #2995 #3013

• Lazily import shutil. #3023

• Properly forward exception information to resources registered with click.core.Context.with_resource(). #2447 #3058

• Fix regression related to EOF handling in CliRunner. #2939 #2940

8.2.2

This is the Click 8.2.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/click/8.2.2/

... (truncated)

Changelog

Sourced from click's changelog.

Version 8.3.1

Released 2025-11-15

• Don't discard pager arguments by correctly using subprocess.Popen. :issue:3039 :pr:3055
• Replace Sentinel.UNSET default values by None as they're passed through the Context.invoke() method. :issue:3066 :issue:3065 :pr:3068
• Fix conversion of Sentinel.UNSET happening too early, which caused incorrect behavior for multiple parameters using the same name. :issue:3071 :pr:3079
• Hide Sentinel.UNSET values as None when looking up for other parameters through the context inside parameter callbacks. :issue:3136 :pr:3137
• Fix rendering when prompt and confirm parameter prompt_suffix is empty. :issue:3019 :pr:3021
• When Sentinel.UNSET is found during parsing, it will skip calls to type_cast_value. :issue:3069 :pr:3090

Version 8.3.0

Released 2025-09-17

• Improved flag option handling: Reworked the relationship between flag_value and default parameters for better consistency:

  • The default parameter value is now preserved as-is and passed directly to CLI functions (no more unexpected transformations)
  • Exception: flag options with default=True maintain backward compatibility by defaulting to their flag_value
  • The default parameter can now be any type (bool, None, etc.)
  • Fixes inconsistencies reported in: :issue:1992 :issue:2514 :issue:2610 :issue:3024 :pr:3030

• Allow default to be set on Argument for nargs = -1. :issue:2164 :pr:3030

• Show correct auto complete value for nargs option in combination with flag option :issue:2813

• Fix handling of quoted and escaped parameters in Fish autocompletion. :issue:2995 :pr:3013

• Lazily import shutil. :pr:3023

• Properly forward exception information to resources registered with click.core.Context.with_resource(). :issue:2447 :pr:3058

• Fix regression related to EOF handling in CliRunner. :issue:2939 :pr:2940

Version 8.2.2

Released 2025-07-31

• Fix reconciliation of default, flag_value and type parameters for flag options, as well as parsing and normalization of environment variables.

... (truncated)

Commits

• 1d038f2 release version 8.3.1
• 03f3889 Fix Ruff UP038 warning (#3141)
• 3867781 Fix Ruff UP038 warning
• b91bb95 Provide altered context to callbacks to hide UNSET values as None (#3137)
• 437e1e3 Temporarily provide a fake context to the callback to hide UNSET values as ...
• ea70da4 Don't test using a file in docs/ (#3102)
• e27b307 Make uv run --all-extras pyright --verifytypes click pass (#3072)
• a92c573 Fix test_edit to work with BSD sed (#3129)
• bd131e1 Fix test_edit to work with BSD sed
• 0b5c6b7 Add Best practices section (#3127)
• Additional commits viewable in compare view

Updates copier from 9.10.1 to 9.11.0

Release notes

Sourced from copier's releases.

v9.11.0 (2025-11-20)

Feat

• updating: allow updating a dirty Git repository when the subproject directory is clean (#2369)
• add support for custom question icons (#2381)
• add support for conditionally unsetting a question's default value

Fix

• raise warning instead of error when chmod is not allowed
• fix using default answers from settings for required questions (#2374)

Refactor

• drop support for Python 3.9

v9.10.3 (2025-10-17)

Fix

• updating: render templated skip-if-exists patterns before applying patch with excluded paths
• updating: exclude only Git-ignored files when applying patch
• updating: ignore paths added to the _exclude list in new template version when updating

v9.10.2 (2025-09-09)

Fix

• deps: remove prompt-toolkit version cap

Changelog

Sourced from copier's changelog.

v9.11.0 (2025-11-20)

Feat

• updating: allow updating a dirty Git repository when the subproject directory is clean (#2369)
• add support for custom question icons (#2381)
• add support for conditionally unsetting a question's default value

Fix

• raise warning instead of error when chmod is not allowed
• fix using default answers from settings for required questions (#2374)

Refactor

• drop support for Python 3.9

v9.10.3 (2025-10-17)

Fix

• updating: render templated skip-if-exists patterns before applying patch with excluded paths
• updating: exclude only Git-ignored files when applying patch
• updating: ignore paths added to the _exclude list in new template version when updating

v9.10.2 (2025-09-09)

Fix

• deps: remove prompt-toolkit version cap

Commits

• 620e452 bump: version 9.10.3 → 9.11.0
• 4dad85c feat(updating): allow updating a dirty Git repository when the subproject dir...
• 35b3dd2 build(deps): update dependency ruff to v0.14.5
• 0c24b08 build(deps): update dependency pytest-gitconfig to v0.8.0
• 76de371 build(deps): update dependency pytest to v9
• ef8c8f7 build(deps): update dependency mkdocs-material to v9.7.0
• 98b6e79 build(deps): update dependency pre-commit to v4.4.0
• 07cc743 build(deps): update dependency platformdirs to v4.5.0
• e4c32cc build(deps): update dependency markdown-exec to v1.12.1
• 343cfc3 build(deps): update dependency commitizen to v4.10.0
• Additional commits viewable in compare view

Updates tomli from 2.2.1 to 2.3.0

Changelog

Sourced from tomli's changelog.

2.3.0

• Added
  • Binary wheels for Python 3.14 (also free-threaded)
• Performance
  • Reduced import time

Commits

• 3fccd16 Bump version: 2.2.1 → 2.3.0
• 6504016 Add 2.3.0 changelog
• 0bc66fc Remove now off-by-default PyPy from cibuildwheel skip list
• 0aa242f Update license metadata to appease PEP 639
• a18221e Bump GitHub CI actions
• 6fa4d90 [pre-commit.ci] pre-commit autoupdate (#260)
• b974fa1 [pre-commit.ci] pre-commit autoupdate (#248)
• f574f36 Update mypy to 1.15 and use --strict mode (#257)
• 1da01ef Reduce import time by removing typing import (#251)
• 4188188 Reduce import time by removing string and tomli._types imports
• Additional commits viewable in compare view

Updates python-dotenv from 1.1.1 to 1.2.1

Release notes

Sourced from python-dotenv's releases.

v1.2.1

What's Changed

• Support reading .env from FIFOs (Unix) by @​sidharth-sudhir in theskumar/python-dotenv#586
• Update CI to use trusted publishing on PyPI

New Contributors

• @​sidharth-sudhir made their first contribution in theskumar/python-dotenv#586

Full Changelog: theskumar/python-dotenv@v1.2.0...v1.2.1

v1.2.0

What's Changed

• style: upgrade to use ruff by @​theskumar in theskumar/python-dotenv#567
• Use sys.exit() instead of exit() by @​theskumar in theskumar/python-dotenv#568
• feat: add PYTHON_DOTENV_DISABLED flag to disable load_dotenv (fixes #510) by @​matthewfranglen in theskumar/python-dotenv#569
• Added [email protected]: Github CI & tox.ini by @​23f3001135 in theskumar/python-dotenv#579
• ocs: clarify what load_dotenv() does in README by @​cybercoded in theskumar/python-dotenv#575
• Bump the github-actions group across 1 directory with 2 updates by @​dependabot[bot] in theskumar/python-dotenv#577
• Move project metadata and config to pyproject.toml by @​EpicWink in theskumar/python-dotenv#583

New Contributors

• @​matthewfranglen made their first contribution in theskumar/python-dotenv#569
• @​23f3001135 made their first contribution in theskumar/python-dotenv#579
• @​cybercoded made their first contribution in theskumar/python-dotenv#575
• @​EpicWink made their first contribution in theskumar/python-dotenv#583

Full Changelog: theskumar/python-dotenv@v1.1.1...v1.2.0

Changelog

Sourced from python-dotenv's changelog.

[1.2.1] - 2025-10-26

• Move more config to pyproject.toml, removed setup.cfg
• Add support for reading .env from FIFOs (Unix) by [@​sidharth-sudhir] in #586

[1.2.0] - 2025-10-26

• Upgrade build system to use PEP 517 & PEP 518 to use build and pyproject.toml by [@​EpicWink] in #583
• Add support for Python 3.14 by [@​23f3001135] in #579
• Add support for disabling of load_dotenv() using PYTHON_DOTENV_DISABLED env var. by [@​matthewfranglen] in #569

Commits

• eaf2a91 Do not remove .coverage file
• 8716196 Bump version: 1.2.0 → 1.2.1
• b87807f Update changelog
• 3af77d3 Support reading .env from FIFOs (Unix) (#586)
• 467ee22 Fix test failures after moving config to pyproject.toml
• 76999e7 Move more config pyproject.toml
• 222ce2c Update to use trusted publisher on pypi
• 8ed4f79 Update docs requirements
• 5bf8822 Bump version: 1.1.1 → 1.2.0
• 1fe11cc upadate changelog
• Additional commits viewable in compare view

Updates keyring from 25.6.0 to 25.7.0

Changelog

Sourced from keyring's changelog.

v25.7.0

Features

• Improved support for KWallet 6. (#728)

Bugfixes

• Removed cruft from Python 3.8. (#722)

Commits

• 38c0401 Finalize
• e5b7d2a Revert "Disable type checking on filter call. Fixes #659."
• 2ce2d46 Add news fragment.
• 4bb5ece Merge pull request #722 from hugovk/rm-3.8
• d7c0aa4 Merge branch 'main' into rm-3.8
• ea1d763 Merge pull request #721 from hugovk/fix-tests
• 30eea9d Merge https://github.com/jaraco/skeleton
• fb6e52c Merge pull request #724 from dachucky/patch-1
• 9ff8459 Generalize the guidance around tox.
• e7fbfa7 Prefer imperative third-person voice.
• Additional commits viewable in compare view

Updates algokit-utils from 4.1.0 to 4.2.2

Commits

• See full diff in compare view

Updates requests from 2.32.4 to 2.32.5

Release notes

Sourced from requests's releases.

v2.32.5

2.32.5 (2025-08-18)

Bugfixes

• The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

• Added support for Python 3.14.
• Dropped support for Python 3.8 following its end of support.

Changelog

Sourced from requests's changelog.

2.32.5 (2025-08-18)

Bugfixes

• The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

• Added support for Python 3.14.
• Dropped support for Python 3.8 following its end of support.

Commits

• b25c87d v2.32.5
• 131e506 Merge pull request #7010 from psf/dependabot/github_actions/actions/checkout-...
• b336cb2 Bump actions/checkout from 4.2.0 to 5.0.0
• 46e939b Update publish workflow to use artifact-id instead of name
• 4b9c546 Merge pull request #6999 from psf/dependabot/github_actions/step-security/har...
• 7618dbe Bump step-security/harden-runner from 2.12.0 to 2.13.0
• 2edca11 Add support for Python 3.14 and drop support for Python 3.8 (#6993)
• fec96cd Update Makefile rules (#6996)
• d58d8aa docs: clarify timeout parameter uses seconds in Session.request (#6994)
• 91a3eab Bump github/codeql-action from 3.28.5 to 3.29.0
• Additional commits viewable in compare view

Updates prompt-toolkit from 3.0.51 to 3.0.52

Release notes

Sourced from prompt-toolkit's releases.

3.0.52

New features:

• Add choice() shortcut for selecting an option amongst a list of choices (see documentation for examples).
• Add support for ANSI dim text formatting.
• Add frame=... option for prompt() and choice() shortcuts to allow for displaying a frame around the input prompt.

Fixes:

• Fix button width when non English characters are displayed.
• Implement flushing in Windows VT100 input.
• Fix signal handling for GraalPy.
• Fix handling of zero sized dimensions.

Changelog

Sourced from prompt-toolkit's changelog.

3.0.52: 2025-08-27

New features:

• Add choice() shortcut for selecting an option amongst a list of choices (see documentation for examples).
• Add support for ANSI dim text formatting.
• Add frame=... option for prompt() and choice() shortcuts to allow for displaying a frame around the input prompt.

Fixes:

• Fix button width when non English characters are displayed.
• Implement flushing in Windows VT100 input.
• Fix signal handling for GraalPy.
• Fix handling of zero sized dimensions.

Commits

• d8adbe9 Release 3.0.52
• 5fde041 Follow-up: accept 'show_frame' in 'prompt_async()' and accept extra key bindi...
• 2b9cd93 Add choice shortcut for selecting an option amongst a list of choices. (#2005)
• a446019 Re-add project URLs after migration to pyproject.toml (#1986)
• 5c852f8 Fix images in README.rst (#1987)
• bfec07f Fix signal handling in _restore_sigint_from_ctypes for GraalPy (#2000)
• af26eec Implement flushing in Windows VT100 input (#2001)
• c435303 Fix button width when non English characters are displayed
• 3374ae9 Update docs theme to Nefertiti 0.8.6 (#2002)
• 54c5c85 Stop using @​abstractproperty which is deprecated. (#2004)
• Additional commits viewable in compare view

Updates pyinstaller from 6.14.2 to 6.17.0

Release notes

Sourced from pyinstaller's releases.

v6.17.0

Please see the v6.17.0 section of the changelog for a list of the changes since v6.16.0.

v6.16.0

Please see the v6.16.0 section of the changelog for a list of the changes since v6.15.0.

v6.15.0

Please see the v6.15.0 section of the changelog for a list of the changes since v6.14.2.

Changelog

Sourced from pyinstaller's changelog.

6.17.0 (2025-11-24)

Bugfix

* Avoid indirect usage of ``pkg_resources`` which is deprecated and scheduled to
  be removed in 2025-11-30. (:issue:`9149`)
* Revise the search for Python shared library from :issue:`9218` and
  the restrictions it imposes: enable the fall-back codepath with
  guess-based name for all Python builds that report ``Py_ENABLE_SHARED=0``
  instead of just for Anaconda Python (``compat.is_conda``), but limit
  the search paths in this fall-back codepath to only ``sys.base_prefix``
  and the ``lib`` directory under it. (:issue:`9276`)
* Work around performance issues introduced by superfluous usage of
  :func:`gc.collect` in ``pefile==2024.8.26``. PyInstaller no longer blocks
  :installing ``pefile==2024.8.26``. (:issue:`8762`)
Hooks

* Fix finding setuptools's vendored copies of ``backports`` and ``jaraco``
  packages. (:issue:`9250`)
6.16.0 (2025-09-13)
Features

</code></pre>

<ul>

<li>(POSIX) Adjust the destination directory for collected python's standard

extensions, from <code>lib-dynload</code> to <code>python3.x/lib-dynload</code> directory,

in order to preserve the relative relationship between the extension

location and the (grand-parent) shared library directory that is commonly

found in POSIX python environments. This is required for compatibility

with upcoming Linux builds of <code>astral-sh/python-build-standalone#</code> that

will set relative library paths in extensions via both <code>DT_NEEDED</code> and

<code>DT_RPATH</code>. (:issue:<code>9212</code>)</li>

<li>Rework the anonymization of the <code>co_filename</code> attribute in collected

code objects - instead of trying to obtain anonymized relative name by

removing known path prefixes from the original absolute-path <code>co_filename</code>,

we now construct the anonymized relative name directly from the collected

module's (or script's) destination name w.r.t. its destination container

(i.e., the <code>PKG</code> archive, the <code>PYZ</code> archive, or the <code>base_library.zip</code>

archive). (:issue:<code>9226</code>)</li>

<li>Rework the search for python shared library in order to reduce amount of

guess-work and better accommodate variations in naming across platforms

and due to different build options (e.g., debug build with &quot;d&quot; suffix,</li>

</ul>

<!-- raw HTML omitted -->

</blockquote>

<p>... (truncated)</p>

</details>

<details>

<summary>Commits</summary>
<ul>

<li><a href="https://github.com/pyinstaller/pyinstaller/commit/3f596f66feebe3a7d247248f95f76c071d08b832&quot;&gt;&lt;code&gt;3f596f6&lt;/code&gt;&lt;/a> Release v6.17.0. [skip ci]</li>

<li><a href="https://github.com/pyinstaller/pyinstaller/commit/e0a1d562b82c0dd789f3e3a7195395d2528bfc73&quot;&gt;&lt;code&gt;e0a1d56&lt;/code&gt;&lt;/a> tests: add a test with entry-point script that has no suffix</li>

<li><a href="https://github.com/pyinstaller/pyinstaller/commit/a5431becf2485670f043f4004c31bdf3da1c4123&quot;&gt;&lt;code&gt;a5431be&lt;/code&gt;&lt;/a> building: ensure suffix in co_filename of the entry-point's code object</li>

<li><a href="https://github.com/pyinstaller/pyinstaller/commit/d3092dd2151c96605424f0a1aa32ad36c989628e&quot;&gt;&lt;code&gt;d3092dd&lt;/code&gt;&lt;/a> Load tk from the environment if the variable is defined</li>

<li><a href="https://github.com/pyinstaller/pyinstaller/commit/1c289e8f3f0527785fe9f640c27f520029759f64&quot;&gt;&lt;code&gt;1c289e8&lt;/code&gt;&lt;/a> Tests: Requirements: Scheduled weekly dependency update for week 46 (<a href="https://redirect.github.com/pyinstaller/pyinstaller/issues/9303&quot;&gt;#9303&lt;/a&gt;)&lt;/li>

<li><a href="https://github.com/pyinstaller/pyinstaller/commit/81043b976276b177369654cd5478d4147ca79e96&quot;&gt;&lt;code&gt;81043b9&lt;/code&gt;&lt;/a> bootloader: use -Wno-error=unused-command-line-argument with clang</li>

<li><a href="https://github.com/pyinstaller/pyinstaller/commit/85c4e8e2610e93435f234773491c86126c4d1a45&quot;&gt;&lt;code&gt;85c4e8e&lt;/code&gt;&lt;/a> Raise error if PyInstaller is ran on PyInstaller</li>

<li><a href="https://github.com/pyinstaller/pyinstaller/commit/0f481f93fea90035c4c7e9bf59a1b68ad7175cf0&quot;&gt;&lt;code&gt;0f481f9&lt;/code&gt;&lt;/a> Raise error if ran on alternative Python implementations (PyPY)</li>

<li><a href="https://github.com/pyinstaller/pyinstaller/commit/1c402c925a4e3b0b4c3cfaccec2147d6a653b748&quot;&gt;&lt;code&gt;1c402c9&lt;/code&gt;&lt;/a> Tests: Requirements: Scheduled weekly dependency update for week 45 (<a href="https://redirect.github.com/pyinstaller/pyinstaller/issues/9294&quot;&gt;#9294&lt;/a&gt;)&lt;/li>

<li><a href="https://github.com/pyinstaller/pyinstaller/commit/23b54eb155cea501fda0b1c7cf247907b518d14a&quot;&gt;&lt;code&gt;23b54eb&lt;/code&gt;&lt;/a> Tests: Requirements: Scheduled weekly dependency update for week 44 (<a href="https://redirect.github.com/pyinstaller/pyinstaller/issues/9290&quot;&gt;#9290&lt;/a&gt;)&lt;/li>

<li>Additional commits viewable in <a href="https://github.com/pyinstaller/pyinstaller/compare/v6.14.2...v6.17.0&quot;&gt;compare view</a></li>

</ul>

</details>
<br />


Updates ruff from 0.12.2 to 0.14.8

Release notes
Sourced from ruff's releases.

0.14.8
Release Notes
Released on 2025-12-04.
Preview features

[flake8-bugbear] Catch yield expressions within other statements (B901) (#21200)
[flake8-use-pathlib] Mark fixes unsafe for return type changes (PTH104, PTH105, PTH109, PTH115) (#21440)

Bug fixes

Fix syntax error false positives for await outside functions (#21763)
[flake8-simplify] Fix truthiness assumption for non-iterable arguments in tuple/list/set calls (SIM222, SIM223) (#21479)

Documentation

Suggest using --output-file option in GitLab integration (#21706)

Other changes

[syntax-error] Default type parameter followed by non-default type parameter (#21657)

Contributors

@​kieran-ryan
@​11happy
@​danparizher
@​ntBre

Install ruff 0.14.8
Install prebuilt binaries via shell script
curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/ruff/releases/download/0.14.8/ruff-installer.sh | sh

Install prebuilt binaries via powershell script
powershell -ExecutionPolicy Bypass -c "irm https://github.com/astral-sh/ruff/releases/download/0.14.8/ruff-installer.ps1 | iex"

Download ruff 0.14.8



File
Platform
Checksum




ruff-aarch64-apple-darwin.tar.gz
Apple Silicon macOS
checksum


ruff-x86_64-apple-darwin.tar.gz
Intel macOS
checksum





... (truncated)


Changelog
Sourced from ruff's changelog.

0.14.8
Released on 2025-12-04.
Preview features

[flake8-bugbear] Catch yield expressions within other statements (B901) (#21200)
[flake8-use-pathlib] Mark fixes unsafe for return type changes (PTH104, PTH105, PTH109, PTH115) (#21440)

Bug fixes

Fix syntax error false positives for await outside functions (#21763)
[flake8-simplify] Fix truthiness assumption for non-iterable arguments in tuple/list/set calls (SIM222, SIM223) (#21479)

Documentation

Suggest using --output-file option in GitLab integration (#21706)

Other changes

[syntax-error] Default type parameter followed by non-default type parameter (#21657)

Contributors

@​kieran-ryan
@​11happy
@​danparizher
@​ntBre

0.14.7
Released on 2025-11-28.
Preview features

[flake8-bandit] Handle string literal bindings in suspicious-url-open-usage (S310) (#21469)
[pylint] Fix PLR1708 false positives on nested functions (#21177)
[pylint] Fix suppression for empty dict without tuple key annotation (PLE1141) (#21290)
[ruff] Add rule RUF066 to detect unnecessary class properties (#21535)
[ruff] Catch more dummy variable uses (RUF052) (#19799)

Bug fixes

[server] Set severity for non-rule diagnostics (#21559)
[flake8-implicit-str-concat] Avoid invalid fix in (ISC003) (#21517)
[parser] Fix panic when parsing IPython escape command expressions (#21480)

CLI

Show partial fixability indicator in statistics output (#21513)



... (truncated)


Commits

9d4f1c6 Bump 0.14.8 (#21791)
326025d [ty] Always register rename provider if client doesn't support dynamic regist...
3aefe85 [ty] Ensure rename CursorTest calls can_rename before renaming (#21790)
b8ecc83 Fix clippy errors on main (#21788)
6491932 [ty] Fix crash when hovering an unknown string annotation (#21782)
a9f2bb4 [ty] Don't send publish diagnostics for clients supporting pull diagnostics (...
e2b72fb [ty] cleanup test path (#21781)
14fce0d [ty] Improve the display of various special-form types (#21775)
8ebecb2 [ty] Add subdiagnostic hint if the user wrote X = Any rather than X: Any ...
45ac30a [ty] Teach ty the meaning of desperation (try ancestor pyproject.tomls as...
Additional commits viewable in compare view




Updates pip-audit from 2.9.0 to 2.10.0

Release notes
Sourced from pip-audit's releases.

v2.10.0
Added


pip-audit now supports the --osv-url URL flag, which can be used to
retrieve vulnerabilities from a custom OSV service. This is useful for
organizations that host their own mirror of the OSV database, or that
have custom OSV records
(#810)


pip-audit now supports the Ecosyste.ms vulnerability service with
--vulnerability-service=esms
(#903).


Changed

The minimum version of Python is now 3.10
(#905)

Fixed


Fixed a bug where pip-audit would fail to parse pyproject.toml files
containing TOML 1.0.0 features
(#910)


CycloneDX JSON/XML output now correctly links vulnerabilities to their
affected components via the affects field
(#980)





Changelog
Sourced from pip-audit's changelog.

[2.10.0]
Added


pip-audit now supports the --osv-url URL flag, which can be used to
retrieve vulnerabilities from a custom OSV service. This is useful for
organizations that host their own mirror of the OSV database, or that
have custom OSV records
(#810)


pip-audit now supports the Ecosyste.ms vulnerability service with
--vulnerability-service=esms
(#903).


Changed

The minimum version of Python is now 3.10
(#905)

Fixed


Fixed a bug where pip-audit would fail to parse pyproject.toml files
containing TOML 1.0.0 features
(#910)


CycloneDX JSON/XML output now correctly links vulnerabilities to their
affected components via the affects field
(#980)





Commits

dec2165 chore: prep release v2.10.0 (#905)
d191a22 Fix CycloneDX vulnerability-component linking (#980) (#981)
a3f69b1 dependabot: add cooldowns (#978)
42df1b2 build(deps): bump astral-sh/setup-uv from 7.1.3 to 7.1.4 (#976)
d4cbb66 build(deps): bump actions/checkout from 5.0.1 to 6.0.0 (#977)
0f2889d build(deps): bump github/codeql-action from 4.31.3 to 4.31.4 (#975)
ad15644 build(deps): bump actions/checkout from 5.0.0 to 5.0.1 (#974)
831ca98 build(deps): bump astral-sh/setup-uv from 7.1.2 to 7.1.3 (#972)
afeb9ea build(deps): bump github/codeql-action from 4.31.2 to 4.31.3 (#973)
2969e7c build(deps): bump github/codeql-action from 4.31.0 to 4.31.2 (#971)
Additional commits viewable in compare view




Updates pytest-mock from 3.14.1 to 3.15.1

Release notes
Sourced from pytest-mock's releases.

v3.15.1
2025-09-16

#529: Fixed itertools._tee object has no attribute error -- now duplicate_iterators=True must be passed to mocker.spy to duplicate iterators.

v3.15.0
2025-09-04

Python 3.8 (EOL) is no longer supported.
#524: Added spy_return_iter to mocker.spy, which contains a duplicate of the return value of the spied method if it is an Iterator.




Changelog
Sourced from pytest-mock's changelog.

3.15.1
2025-09-16

[#529](https://github.com/pytest-dev/pytest-mock/issues/529) <https://github.com/pytest-dev/pytest-mock/issues/529>_: Fixed itertools._tee object has no attribute error -- now duplicate_iterators=True must be passed to mocker.spy to duplicate iterators.

3.15.0
2025-09-04

Python 3.8 (EOL) is no longer supported.
[#524](https://github.com/pytest-dev/pytest-mock/issues/524) <https://github.com/pytest-dev/pytest-mock/pull/524>_: Added spy_return_iter to mocker.spy, which contains a duplicate of the return value of the spied method if it is an Iterator.




Commits

e1b5c62 Release 3.15.1
184eb19 Set spy_return_iter only when explicitly requested (#537)
4fa0088 [pre-commit.ci] pre-commit autoupdate (#536)
f5aff33 Fix test failure with pytest 8+ and verbose mode (#535)
adc4187 Bump actions/setup-python from 5 to 6 in the github-actions group (#533)
95ad570 [pre-commit.ci] pre-commit autoupdate (#532)
e696bf0 Fix standalone mock support (#531)
5b29b03 Fix gen-release-notes script
7d22ef4 Merge pull request #528 from pytest-dev/release-3.15.0
90b29f8 Update CHANGELOG for 3.15.0
Additional commits viewable in compare view


...
Description has been truncated