chore(deps): update all dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Type	Update	Change	Pending	Age	Confidence
actions/checkout	action	major	v6 → v7
astral-sh/uv-pre-commit	repository	patch	0.11.23 → 0.11.25
biomejs/pre-commit	repository	patch	v2.5.0 → v2.5.1
coverage	dependency-groups	patch	7.14.1 → 7.14.3
node (source)		minor	24.17.0 → 24.18.0
pydoclint	dependency-groups	patch	0.8.6 → 0.8.7	0.9.0
ruff (source, changelog)	dependency-groups	patch	0.15.18 → 0.15.20
tombi	dependency-groups	patch	1.1.3 → 1.1.5	1.1.6
tox (changelog)	dependency-groups	minor	4.55.1 → 4.56.1
uv (source, changelog)	dependency-groups	patch	0.11.23 → 0.11.25

Note: The pre-commit manager in Renovate is not supported by the pre-commit maintainers or community. Please do not report any problems there, instead create a Discussion in the Renovate repository if you have any questions.

---

Release Notes

actions/checkout (actions/checkout)

v7.0.0

Compare Source

• Block checking out fork PR for pull_request_target and workflow_run by @​aiqiaoy in #​2454
• Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by @​dependabot[bot] in #​2458
• Bump flatted from 3.3.1 to 3.4.2 by @​dependabot[bot] in #​2460
• Bump js-yaml from 4.1.0 to 4.2.0 by @​dependabot[bot] in #​2461
• Bump @​actions/core and @​actions/tool-cache and Remove uuid by @​dependabot[bot] in #​2459
• upgrade module to esm and update dependencies by @​aiqiaoy in #​2463
• Bump the minor-npm-dependencies group across 1 directory with 3 updates by @​dependabot[bot] in #​2462

v7

Compare Source

• Block checking out fork PR for pull_request_target and workflow_run by @​aiqiaoy in #​2454
• Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by @​dependabot[bot] in #​2458
• Bump flatted from 3.3.1 to 3.4.2 by @​dependabot[bot] in #​2460
• Bump js-yaml from 4.1.0 to 4.2.0 by @​dependabot[bot] in #​2461
• Bump @​actions/core and @​actions/tool-cache and Remove uuid by @​dependabot[bot] in #​2459
• upgrade module to esm and update dependencies by @​aiqiaoy in #​2463
• Bump the minor-npm-dependencies group across 1 directory with 3 updates by @​dependabot[bot] in #​2462

astral-sh/uv-pre-commit (astral-sh/uv-pre-commit)

v0.11.25

Compare Source

See: https://github.com/astral-sh/uv/releases/tag/0.11.25

v0.11.24

Compare Source

See: https://github.com/astral-sh/uv/releases/tag/0.11.24

biomejs/pre-commit (biomejs/pre-commit)

v2.5.1

Compare Source

coveragepy/coveragepy (coverage)

v7.14.3

Compare Source

• Fix: the default ... exclusion rule now also matches function bodies
  whose closing return-type bracket is on its own line (for example, after a
  long -> dict[ ... ] annotation that a formatter has split over multiple
  lines). Closes issue 2185, thanks Mengjia Shang <pull 2196_>.

• Fix: On 3.13t, we incorrectly issued Couldn't import C tracer errors.
  We can't import the C tracer because in 7.14.2 we stopped shipping compiled
  wheels for 3.13t. Thanks, Hugo van Kemenade <pull 2203_>_.

.. _issue 2185: #​2185
.. _pull 2196: #​2196
.. _pull 2203: #​2203

.. _changes_7-14-2:

v7.14.2

Compare Source

• Fix: some messages were being written to stdout, making coverage json -o - useless for capturing JSON output. Now messages are written to stderr,
  fixing issue 2197_.

• Fix: CoverageData kept one SQLite connection per thread that recorded
  coverage, but never closed them when those threads terminated. On long runs
  with many short-lived threads this leaked one file descriptor per dead
  thread, eventually failing with OSError: [Errno 24] Too many open files.
  Connections belonging to terminated threads are now closed and dropped.
  Fixes issue 2192_.

• Fix: when using sys.monitoring, we were assuming we could use the
  COVERAGE_ID tool id. But other tools might also assume they could use
  that id. Pre-allocated ids don't really make sense, so now we search for a
  usable one instead. Fixes issue 2187. Thanks, Matthew Lloyd <pull 2198_>.

• Following the advice of cibuildwheel <no-13t_>_, we no longer distribute
  wheels for Python 3.13 free-threaded.

.. _issue 2187: #​2187
.. _issue 2192: #​2192
.. _issue 2197: #​2197
.. _pull 2198: #​2198
.. _no-13t: https://py-free-threading.github.io/ci/#building-free-threaded-wheels-with-cibuildwheel

.. _changes_7-14-1:

nodejs/node (node)

v24.18.0: 2026-06-23, Version 24.18.0 'Krypton' (LTS), @​richardlau prepared by @​sxa

Compare Source

Notable Changes

• [e07e7a31e1] - crypto: update root certificates to NSS 3.123.1 (Node.js GitHub Bot) #​63527
• [44c8ebcbd6] - http: avoid stream listeners on idle agent sockets (Matteo Collina) #​64004
• [d3ef4122ee] - (SEMVER-MINOR) buffer: increase Buffer.poolSize default to 64 KiB (Matteo Collina) #​63597
• [bb2857b85a] - (SEMVER-MINOR) crypto: align key argument names in docs and error messages (Filip Skokan) #​62527
• [b9d5e87880] - (SEMVER-MINOR) crypto: accept key data in crypto.diffieHellman() and cleanup DH jobs (Filip Skokan) #​62527
• [ccd756d61e] - (SEMVER-MINOR) crypto: add TurboSHAKE and KangarooTwelve Web Cryptography algorithms (Filip Skokan) #​62183
• [4c9251fc09] - (SEMVER-MINOR) http: add writeInformation to send arbitrary 1xx status codes (Tim Perry) #​63155
• [8c989ec4a3] - (SEMVER-MINOR) inspector: expose precise coverage start to JS runtime (sangwook) #​63079
• [3f54c8ba32] - Revert "stream: noop pause/resume on destroyed streams" (Stewart X Addison) #​63834

Commits

• [d3ef4122ee] - (SEMVER-MINOR) buffer: increase Buffer.poolSize default to 64 KiB (Matteo Collina) #​63597
• [9ff36e40f0] - build: add --enable-all-experimentals build flag (Paolo Insogna) #​62755
• [7c22ee23aa] - build: def NODE_USE_NODE_CODE_CACHE only used in node_mksnapshot (Chengzhong Wu) #​63588
• [2551abdb4a] - build,win: enable x64 PGO (Stefan Stojanovic) #​62761
• [e8a55ce9b1] - crypto: strengthen argument CHECKs in TurboSHAKE (Tobias Nießen) #​62763
• [ae61cd68f3] - crypto: harden WebCrypto against prototype pollution (Filip Skokan) #​63363
• [3d05a1d396] - crypto: pass CryptoKey handles to KDF jobs (Filip Skokan) #​63363
• [f9d10a3f6b] - crypto: remove async from WebCrypto methods (Filip Skokan) #​63363
• [e431d93e9e] - crypto: add WebCrypto CryptoJob mode (Filip Skokan) #​63363
• [56e2505e48] - crypto: wire ML-DSA and ML-KEM for use when using BoringSSL (Filip Skokan) #​63255
• [3bac77f2a8] - crypto: wire ChaCha20-Poly1305 in Web Cryptography when using BoringSSL (Filip Skokan) #​63255
• [1bff901b09] - crypto: wire AES-KW in Web Cryptography when using BoringSSL (Filip Skokan) #​63255
• [4433fca3df] - crypto: harden CryptoKey algorithm slots (Filip Skokan) #​63111
• [b5cf01217a] - crypto: harden KeyObject internal slots (Filip Skokan) #​63111
• [ce84aef37d] - crypto: add guards and adjust tests for BoringSSL (Filip Skokan) #​62883
• [26781689b0] - crypto: reject duplicate ML-KEM JWK key_ops (Filip Skokan) #​62905
• [aeea8f4970] - crypto: add JWK support for ML-KEM and SLH-DSA key types (Filip Skokan) #​62706
• [407cf91656] - crypto: guard against size_t overflow on experimental 32-bit arch (Filip Skokan) #​62626
• [bb2857b85a] - (SEMVER-MINOR) crypto: align key argument names in docs and error messages (Filip Skokan) #​62527
• [b9d5e87880] - (SEMVER-MINOR) crypto: accept key data in crypto.diffieHellman() and cleanup DH jobs (Filip Skokan) #​62527
• [b46d52b283] - crypto: unify asymmetric key import through KeyObjectHandle::Init (Filip Skokan) #​62499
• [ccd756d61e] - (SEMVER-MINOR) crypto: add TurboSHAKE and KangarooTwelve Web Cryptography algorithms (Filip Skokan) #​62183
• [e07e7a31e1] - crypto: update root certificates to NSS 3.123.1 (Node.js GitHub Bot) #​63527
• [61826df455] - crypto: coerce -0 keylen to +0 in pbkdf2 and scrypt (Jordan Harband) #​63531
• [16d2fd3c07] - crypto: align verifyOneShot accepted types (Anshika Jain) #​63280
• [3b8330deda] - crypto: improve system certificate enumeration logic on macOS (Robo) #​62576
• [141de35399] - debugger: add --help to node inspect and improve docs (Joyee Cheung) #​63201
• [b76bfcd4fa] - deps: upgrade npm to 11.16.0 (npm team) #​63602
• [4ec142314c] - deps: SQLite: cherry-pick b869ed6 (Junsu Han) #​63525
• [19e8ce1c36] - deps: upgrade npm to 11.15.0 (npm team) #​63463
• [8a264260e2] - deps: update sqlite to 3.53.1 (Node.js GitHub Bot) #​63217
• [50c8ff3f94] - deps: update simdjson to 4.6.4 (Node.js GitHub Bot) #​62811
• [6e56f01c4b] - deps: V8: cherry-pick 435a2cd (Matthias Liedtke) #​63136
• [3ba813b242] - deps: cherry-pick libuv/libuv@a43e543 (Ali Hassan) #​63222
• [2390e3a5ac] - doc: remove duplicated sentences in large-pull-requests.md (Joyee Cheung) #​63650
• [52a1c18374] - doc: update git node land instructions for security releases (Antoine du Hamel) #​63586
• [3e6b4da037] - doc: drop --experimental from --permission (Rafael Gonzaga) #​63583
• [84d05163b9] - doc: explicitly ask for reproducible in JS (Rafael Gonzaga) #​63479
• [7da2a4450e] - doc: fix URL postMessage example in worker_threads (Kit Dallege) #​62203
• [3d79bd8b29] - doc: clarify filter option of sqlite.database.applyChangeset (Antoine du Hamel) #​63515
• [4f4174aace] - doc: fix double spaces in ERR_TLS_INVALID_PROTOCOL_METHOD (Daijiro Wachi) #​63511
• [388323ca4b] - doc: fix double space in modules.md (Daijiro Wachi) #​63512
• [5258ccc058] - doc: fix "options" to "option" in tls.createServer (Daijiro Wachi) #​63453
• [43e83e6507] - doc: fix typo in deprecations (Daijiro Wachi) #​63434
• [f05a61d54c] - doc: remove unsupported template type from v8.md (René) #​63410
• [c39d5fc820] - doc: fix article usage before vowel-sound acronyms (joao-oliveira-softtor) #​62696
• [398261f911] - doc: remove the bi-monthly contributor spotlight section (Claudio Wunder) #​62734
• [fd9e14c405] - doc: update http2's push and trailers events with rawHeaders param (YuSheng Chen) #​63259
• [b943ce6933] - doc: remove inactive members from Triagers list (Antoine du Hamel) #​63329
• [4b9cdfc022] - doc: reference correct function in Module docs (Robin Malfait) #​63247
• [bed84b6df2] - doc: replace Visual Studio 2022 Evergreen version reference with 17.14 (Mike McCready) #​63211
• [32ea70569b] - doc: recommend explicitly Tier 1 or 2 for production applications (Mike McCready) #​63187
• [4627bcfd82] - doc: run license-builder (github-actions[bot]) #​63232
• [28eba71845] - doc: add large pull requests contributing guide (Matteo Collina) #​62829
• [2648efd438] - doc: remove unnecessary <!-- eslint- magic comments (Antoine du Hamel) #​63200
• [a95fc1f8fc] - doc: clarify SEA platform support excludes darwin-x64 (MJSHANG) #​63181
• [aaef29e2e1] - doc: update release steps when post-release fails (Rafael Gonzaga) #​63131
• [7d81419cf2] - doc: add Hmac.digest() documentation-only deprecation (DEP0206) (Anshika Jain) #​63121
• [ececd80d81] - doc: document the latest-vX.x schema (Marco Ippolito) #​63033
• [27c1c1d842] - doc: remove list of versions in BUILDING.md (Antoine du Hamel) #​63113
• [e369886a65] - doc,sqlite: document entryPoint argument for loadExtension (Edy Silva) #​63152
• [e4e5137cbd] - errors: handle V8 warnings in DisallowJavascriptExecutionScope (Divyanshu Sharma) #​63491
• [6d1f6048d2] - fs: make Date properties on Stats enumerable (LiviaMedeiros) #​63328
• [44c8ebcbd6] - http: avoid stream listeners on idle agent sockets (Matteo Collina) #​64004
• [4c9251fc09] - (SEMVER-MINOR) http: add writeInformation to send arbitrary 1xx status codes (Tim Perry) #​63155
• [39f61fb06c] - http2: emit session close before stream close (Matteo Collina) #​63414
• [8a8f2127d1] - http2: validate non-link headers in writeEarlyHints (Matteo Collina) #​62017
• [8c989ec4a3] - (SEMVER-MINOR) inspector: expose precise coverage start to JS runtime (sangwook) #​63079
• [c05f38229b] - lib: cleanup stateless diffiehellman key handling (Filip Skokan) #​62645
• [1c16b45d35] - lib: refactor internal webidl converters (Filip Skokan) #​62979
• [02f35d6dce] - lib: define kEnumerableProperty atomically (Antoine du Hamel) #​63609
• [12c51547ba] - lib: fix typos in esm loader comments (RonGamzu) #​63465
• [9b03b84262] - lib: fix typo idenity => identity (Daijiro Wachi) #​63112
• [a84e6b0567] - lib: fixes validator message (Daijiro Wachi) #​62823
• [11734166a8] - lib: narrow ReadableStreamBYOBRequest.view return type to Uint8Array (RoomWithOutRoof) #​63017
• [7cead61d21] - meta: flip mcollina emails in .mailmap (Matteo Collina) #​63621
• [a08cfcfd35] - meta: label "source maps" PRs (Chengzhong Wu) #​63591
• [d56e8d2512] - meta: add vfs subsystem label (René) #​62331
• [6201cfe488] - meta: skip scheduled workflows on forks (Jamie Magee) #​63565
• [f095e2bd31] - meta: add additional gitignore entries (James M Snell) #​63267
• [1ea52c444c] - meta: move one or more collaborators to emeritus (Node.js GitHub Bot) #​63402
• [b1b2327611] - meta: move one or more collaborators to emeritus (Node.js GitHub Bot) #​63235
• [7d88e130a9] - meta: ignore AI assistants files (Matteo Collina) #​62612
• [a53b51df38] - module: load ESM helpers eagerly in the snapshot (Joyee Cheung) #​63550
• [69df688fff] - module: fix sync hook short-circuit in require() in imported CJS (Joyee Cheung) #​62920
• [75d9a4ed47] - node-api: support SharedArrayBuffer in napi_create_typedarray (Yilong Li) #​62710
• [c20aa4c47b] - quic: add reusePort option to QuicEndpoint (James M Snell) #​63267
• [26a30d8a7f] - quic: implement rate limiting for version nego and immediate close (James M Snell) #​63267
• [0b534b5770] - quic: fixup linting issue after other changes (James M Snell) #​63267
• [4b367cbe09] - quic: remove unused binding variable in session.cc (James M Snell) #​63177
• [2574bef5a6] - repl: fix dedup comparing normalized line against raw history (Daijiro Wachi) #​62886
• [30e71c7e49] - sqlite: keep source database alive during backup (Matteo Collina) #​62673
• [677ca7e76c] - src: simplify OpenSSL feature gates (Filip Skokan) #​63255
• [c863c75c39] - src: add BoringSSL EVP enumeration fallback (Filip Skokan) #​63206
• [f6b2466921] - src: decouple KeyObject and CryptoKey and move CryptoKey to src (Filip Skokan) #​62924
• [92d4f07dd2] - src: remove license headers for new node_profiling files (Chengzhong Wu) #​63066
• [8ac5d771c8] - src: split profiling helpers from util (Ilyas Shabi) #​63008
• [85d1639495] - src: remove TOCTOU race condition when encoding SAB-backed Buffers (Antoine du Hamel) #​63517
• [9473c5f05c] - src: skip duplicate UTF-8 validation in TextDecoder fatal path (Mert Can Altin) #​63231
• [f35c91ee68] - src: improve token return value check (James M Snell) #​63483
• [26f677c1c5] - src: expose node::RegisterContext to make a node managed context (Chengzhong Wu) #​62322
• [275cf909b6] - src,sqlite: only pass xFilter when user provided a callback (Antoine du Hamel) #​63516
• [287e02303f] - src,sqlite: remove dead code (Edy Silva) #​63204
• [58fa2ee189] - stream: switch to internal sleep binding (Antoine du Hamel) #​63611
• [f954ab3f1a] - stream: use data listener for compose forwarding (Trivikram Kamat) #​63593
• [dc57173003] - stream: fix Writable.toWeb() hang on synchronous drain (sangwook) #​61197
• [3f54c8ba32] - Revert "stream: noop pause/resume on destroyed streams" (Stewart X Addison) #​63834
• [cee279c5d6] - stream: remove unnecessary check (Antoine du Hamel) #​63030
• [61b20f60a3] - test: update tls/crypto behaviour expectations when using BoringSSL (Filip Skokan) #​63161
• [a835363808] - test: update WPT for WebCryptoAPI to 97bbc72 (Node.js GitHub Bot) #​63417
• [a00297480b] - test: update WPT resources, interfaces and WebCryptoAPI (Node.js GitHub Bot) #​62389
• [5a95a2b055] - test: shorten path in net pipe connect errors (Matteo Collina) #​63405
• [5e8ff22d8f] - test: remove test-node-output-v8-warning (Joyee Cheung) #​63469
• [ee15380950] - test: update test426-fixtures to 9b9e225 (Node.js GitHub Bot) #​63373
• [9e063d9bea] - test: update WPT for url to e4a4672 (Node.js GitHub Bot) #​63372
• [503bee4b43] - test: deflake async-hooks statwatcher test (Trivikram Kamat) #​63396
• [cccc7c32d8] - test: avoid test_runner watch restart in spec snapshot (Trivikram Kamat) #​63392
• [c89489258c] - test: reduce watch mode restart flakiness (Trivikram Kamat) #​63390
• [e4d5e2578e] - test: isolate rerun-failures state file under tmpdir (Chemi Atlow) #​63449
• [362644a9ba] - test: wait for ok before initial break after restart (Yuya Inoue) #​62807
• [c4058d0e05] - test: disable Maglev in near-heap-limit worker test (Trivikram Kamat) #​63398
• [214da630a7] - test: deflake connection refused proxy tests (Trivikram Kamat) #​63395
• [1d61a29876] - test: avoid repeated writes in watch helper (Trivikram Kamat) #​63386
• [2004e25387] - test: deflake watch mode worker test (Trivikram Kamat) #​63384
• [d691cccfc1] - test: relax test-memory-usage arrayBuffers check (inoway46) #​63244
• [0ff6bf853c] - test: reduce flakiness of different-registry-per-thread (Antoine du Hamel) #​63244
• [d9f4e8e503] - test: fix flaky test-watch-mode-inspect timeout (Matteo Collina) #​63361
• [6d7cd50328] - test: relax min assertion in test-performance-eventloopdelay (Marco) #​63100
• [9dafe1d2d8] - test: avoid flaky restart sync in debugger exceptions test (Yuya Inoue) #​62055
• [989b2de973] - test: avoid initial-break wait in restart-message (inoway46) #​62060
• [a072a25ee7] - test: move FFI tests to NATIVE_SUITES (Antoine du Hamel) #​63165
• [64efbfd878] - test: use ERM to destroy sqlite database handles after tests (René) #​63076
• [7dee66cd94] - test_runner: dont buffer unordered events in process isolation mode (Moshe Atlow) #​63432
• [d257eec1e3] - test_runner: fix --test-rerun-failures swallowing failures on retry (Chemi Atlow) #​63431
• [288c320e2f] - test_runner: show replayed-from-attempt hint in spec reporter (Moshe Atlow) #​63429
• [904bdf5bb4] - test_runner: preserve run duration when using test-rerun (Moshe Atlow) #​63429
• [df183d7bfa] - test_runner: avoid hanging on incomplete v8 frames (Ali Hassan) #​62704
• [ec86c69726] - test_runner: fix diagnostics channel context tracking (Moshe Atlow) #​63283
• [94e5f63b83] - tls: add unsupported renegotiation error (Filip Skokan) #​63161
• [06d308fb61] - tools: prevent lib code from reading KeyObject and CryptoKey accessors (Filip Skokan) #​63111
• [2e4a0d0c91] - tools: bump brace-expansion from 5.0.5 to 5.0.6 in /tools/eslint (dependabot[bot]) #​63415
• [4c9666b366] - tools: skip commit-lint on backport pull requests (Marco) #​63378
• [67d0c490a8] - tools: fix skip of test-internet on forks (Antoine du Hamel) #​63492
• [02f73c7cac] - tools: bump the eslint group in /tools/eslint with 4 updates (dependabot[bot]) #​63075
• [5d016d3241] - tools: update gyp-next to 0.22.2 (Node.js GitHub Bot) #​63374
• [55af0f0edb] - tools: fix test426 updater (Antoine du Hamel) #​63271
• [d8475e167a] - tools: use different branch for tool updates on staging branches (Antoine du Hamel) #​63110
• [c605df9e50] - util: remove unused functions (Antoine du Hamel) #​63612
• [fe4540ebdb] - util: create hex style cache and fast path (Guilherme Araújo) #​62999

jsh9/pydoclint (pydoclint)

v0.8.7

Compare Source

• Fixed
  • A DOC404 false positive on a function with both a return and a yield
    whose return annotation is a parametrized iterator (e.g.
    Iterator[Dict[str, Any]]): the yield type was extracted twice, producing
    (str, Any) instead of Dict[str, Any]
• Full diff
  • jsh9/pydoclint@0.8.6...0.8.7

astral-sh/ruff (ruff)

v0.15.20

Compare Source

Released on 2026-06-25.

Preview features

• Allow human-readable names in rule selectors (#​25887)
• Emit a warning instead of an error for unknown rule selectors (#​26113)
• Match noqa shebang handling in ruff:ignore comments (#​26286)
• [ruff] Remove pytest-fixture-autouse (RUF076) (#​26240, #​26371)

Documentation

• Add versioning sections to custom crate READMEs (#​26317)
• Update ruff_python_parser README for crates.io (#​26315)
• [perflint] Clarify that PERF402 applies to any iterable (#​26242)

Contributors

• @​dhruvmanila
• @​MichaReiser
• @​ntBre
• @​trilamsr

v0.15.19

Compare Source

Released on 2026-06-23.

Preview features

• Support human-readable names when hovering suppression comments and in code actions (#​26114)

Bug fixes

• Fall back to default settings when editor-only settings are invalid (#​26244)
• Fix panic when inserting text at a notebook cell boundary (#​26111)

Rule changes

• [pylint] Update fix suggestions for __floor__, __trunc__, __length_hint__, and __matmul__ variants (PLC2801) (#​26239)

Performance

• Avoid allocating when parsing single string literals (#​26200)
• Avoid reallocating singleton call arguments (#​26223)
• Lazily create source files for lint diagnostics (#​26226)
• Optimize formatter text width and indentation (#​26236)
• Reserve capacity for builtin bindings (#​26229)
• Skip repeated-key checks for singleton dictionaries (#​26228)
• Use ArrayVec for qualified name segments (#​26224)

Documentation

• [flake8-pyi] Note that PYI051 is an opinionated stylistic rule (#​26179)
• [pyupgrade] Clarify UP029 as a Python 2 compatibility rule (#​26243)

Other changes

• Publish Ruff crates to crates.io (#​26271)

Contributors

• @​MakenRosa
• @​MichaReiser
• @​trilamsr
• @​ntBre
• @​sanjibani
• @​charliermarsh

tombi-toml/tombi (tombi)

v1.1.5

Compare Source

What's Changed

🐛 Bug Fixes

• fix(lsp): merge allOf table key completions by @​ya7010 in #​1959
• fix(vscode): color TOML dates as constants by @​ya7010 in #​1960

🛠️ Other Changes

• fix(lsp): complete literal keys in tables by @​ya7010 in #​1958

Full Changelog: tombi-toml/tombi@v1.1.4...v1.1.5

v1.1.4

Compare Source

What's Changed

🐛 Bug Fixes

• fix(lsp): avoid stale diagnostics after changes by @​ya7010 in #​1954

👒 Dependencies

• build(deps-dev): bump esbuild from 0.28.0 to 0.28.1 in the npm_and_yarn group across 1 directory by @​dependabot[bot] in #​1945
• build(deps-dev): bump the npm_and_yarn group across 2 directories with 1 update by @​dependabot[bot] in #​1952

🛠️ Other Changes

• fix(ci): include LICENSE in python sdist by @​ya7010 in #​1942
• docs: explain selective auto-sort re-enable by @​ya7010 in #​1943
• Use GitHub App token for dependent release dispatches by @​ya7010 in #​1951

Full Changelog: tombi-toml/tombi@v1.1.3...v1.1.4

tox-dev/tox (tox)

v4.56.1

Compare Source

What's Changed

• treat scalar string then/else as a single item in if-replace extend by @​HrachShah in #​3969

New Contributors

• @​HrachShah made their first contribution in #​3969

Full Changelog: tox-dev/tox@4.56.0...4.56.1

v4.56.0

Compare Source

What's Changed

• Fix type errors flagged by ty 0.0.43 by @​gaborbernat in #​3952
• Drop obsolete ty: ignore directives by @​gaborbernat in #​3957
• docs: Use double backquotes for git command in development.rst by @​mushitoriami in #​3961
• docs: Fix indent misalignment in reference/config.rst by @​mushitoriami in #​3962
• docs: replace http://tox.readthedocs.org with https://tox.wiki by @​TejasAmle in #​3963
• 🐛 fix(config): restore skip_missing_interpreters default to False by @​gaborbernat in #​3966
• ✨ feat(virtualenv): auto-pin virtualenv for end-of-life Python by @​gaborbernat in #​3967

New Contributors

• @​TejasAmle made their first contribution in #​3963

Full Changelog: tox-dev/tox@4.55.1...4.56.0

astral-sh/uv (uv)

[`v0.

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (in timezone UTC)

• Branch creation
  • "before 4am on monday"
• Automerge
  • Between 12:00 AM and 03:59 AM, only on Monday (* 0-3 * * 1)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠️ Artifact update problem

Renovate failed to update artifacts related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: pyproject.toml

Artifact update for pydoclint resolved to version 0.9.0, which is a pending version that has not yet passed the Minimum Release Age threshold.
Renovate was attempting to update to 0.8.7
This is (likely) not a bug in Renovate, but due to the way your project pins dependencies, _and_ how Renovate calls your package manager to update them.
Until Renovate supports specifying an exact update to your package manager (https://github.com/renovatebot/renovate/issues/41624), it is recommended to directly pin your dependencies (with `rangeStrategy=pin` for apps, or `rangeStrategy=widen` for libraries)
See also: https://docs.renovatebot.com/dependency-pinning/

File name: pyproject.toml

Artifact update for tombi resolved to version 1.1.6, which is a pending version that has not yet passed the Minimum Release Age threshold.
Renovate was attempting to update to 1.1.5
This is (likely) not a bug in Renovate, but due to the way your project pins dependencies, _and_ how Renovate calls your package manager to update them.
Until Renovate supports specifying an exact update to your package manager (https://github.com/renovatebot/renovate/issues/41624), it is recommended to directly pin your dependencies (with `rangeStrategy=pin` for apps, or `rangeStrategy=widen` for libraries)
See also: https://docs.renovatebot.com/dependency-pinning/

[ansibuddy]

🤖 NEEDS HUMAN REVIEW

Reason: All CI checks pass but PR requires human approval before automerge can proceed.

What this PR does

Updates all Python dependencies (chore(deps): update all dependencies).

CI Status

All checks pass ✅ (SonarCloud ✅, ack/ack ✅, CodeQL ✅, codecov ✅, all tox matrix jobs py310–py314 ✅). Automerge is enabled.

Why human review is needed

Bot auto-approval was removed from ack.yml on 2026-06-09 (commit 08e4280f in ansible/team-devtools). Renovate PRs now require a human reviewer to approve before automerge can fire.

Action required

Review and approve this PR. Once approved, automerge will squash-merge it automatically.

---

Posted by fix-bot-prs workflow — 2026-06-29