Bump the development-dependencies group across 1 directory with 7 updates

[dependabot]

Updates the requirements on pytest, pre-commit, pytest-cov, ruff, deptry, pdoc and uv-build to permit the latest version.
Updates pytest to 9.0.3

Release notes

Sourced from pytest's releases.

9.0.3

pytest 9.0.3 (2026-04-07)

Bug fixes

• #12444: Fixed pytest.approx which now correctly takes into account ~collections.abc.Mapping keys order to compare them.

• #13634: Blocking a conftest.py file using the -p no: option is now explicitly disallowed.

  Previously this resulted in an internal assertion failure during plugin loading.

  Pytest now raises a clear UsageError explaining that conftest files are not plugins and cannot be disabled via -p.

• #13734: Fixed crash when a test raises an exceptiongroup with __tracebackhide__ = True.

• #14195: Fixed an issue where non-string messages passed to unittest.TestCase.subTest() were not printed.

• #14343: Fixed use of insecure temporary directory (CVE-2025-71176).

Improved documentation

• #13388: Clarified documentation for -p vs PYTEST_PLUGINS plugin loading and fixed an incorrect -p example.
• #13731: Clarified that capture fixtures (e.g. capsys and capfd) take precedence over the -s / --capture=no command-line options in Accessing captured output from a test function <accessing-captured-output>.
• #14088: Clarified that the default pytest_collection hook sets session.items before it calls pytest_collection_finish, not after.
• #14255: TOML integer log levels must be quoted: Updating reference documentation.

Contributor-facing changes

• #12689: The test reports are now published to Codecov from GitHub Actions. The test statistics is visible on the web interface.

  -- by aleguy02

Commits

• a7d58d7 Prepare release version 9.0.3
• 089d981 Merge pull request #14366 from bluetech/revert-14193-backport
• 8127eaf Revert "Fix: assertrepr_compare respects dict insertion order (#14050) (#14193)"
• 99a7e60 Merge pull request #14363 from pytest-dev/patchback/backports/9.0.x/95d8423bd...
• ddee02a Merge pull request #14343 from bluetech/cve-2025-71176-simple
• 74eac69 doc: Update training info (#14298) (#14301)
• f92dee7 Merge pull request #14267 from pytest-dev/patchback/backports/9.0.x/d6fa26c62...
• 7ee58ac Merge pull request #12378 from Pierre-Sassoulas/fix-implicit-str-concat-and-d...
• 37da870 Merge pull request #14259 from mitre88/patch-4 (#14268)
• c34bfa3 Add explanation for string context diffs (#14257) (#14266)
• Additional commits viewable in compare view

Updates pre-commit to 4.6.0

Release notes

Sourced from pre-commit's releases.

pre-commit v4.6.0

Features

• pre-commit hook-impl: allow --hook-dir to be missing to enable easier usage with git 2.54+ git hooks.
  • #3662 PR by @​asottile.

Fixes

• pre-commit hook-impl: --hook-type is required.
  • #3661 PR by @​asottile.

Changelog

Sourced from pre-commit's changelog.

4.6.0 - 2026-04-21

Features

• pre-commit hook-impl: allow --hook-dir to be missing to enable easier usage with git 2.54+ git hooks.
  • #3662 PR by @​asottile.

Fixes

• pre-commit hook-impl: --hook-type is required.
  • #3661 PR by @​asottile.

4.5.1 - 2025-12-16

Fixes

• Fix language: python with repo: local without additional_dependencies.
  • #3597 PR by @​asottile.

4.5.0 - 2025-11-22

Features

• Add pre-commit hazmat.
  • #3585 PR by @​asottile.

4.4.0 - 2025-11-08

Features

• Add --fail-fast option to pre-commit run.
  • #3528 PR by @​JulianMaurin.
• Upgrade ruby-build / rbenv.
  • #3566 PR by @​asottile.
  • #3565 issue by @​MRigal.
• Add language: unsupported / language: unsupported_script as aliases for language: system / language: script (which will eventually be deprecated).
  • #3577 PR by @​asottile.
• Add support docker-in-docker detection for cgroups v2.
  • #3535 PR by @​br-rhrbacek.
  • #3360 issue by @​JasonAlt.

Fixes

• Handle when docker gives SecurityOptions: null.
  • #3537 PR by @​asottile.
  • #3514 issue by @​jenstroeger.
• Fix error context for invalid stages in .pre-commit-config.yaml.
  • #3576 PR by @​asottile.

... (truncated)

Commits

• f35134b v4.6.0
• 2a51ffc Merge pull request #3662 from pre-commit/hook-impl-optional-hook-dir
• d7dee32 make --hook-dir optional for hook-impl
• 965aeb1 Merge pull request #3661 from pre-commit/hook-impl-required
• 2eacc06 --hook-type is required for hook-impl
• f5678bf Merge pull request #3657 from pre-commit/pre-commit-ci-update-config
• 054cc5b [pre-commit.ci] pre-commit autoupdate
• 5c0f302 Merge pull request #3652 from pre-commit/pre-commit-ci-update-config
• a5d9114 [pre-commit.ci] pre-commit autoupdate
• 129a1f5 Merge pull request #3641 from pre-commit/mxr-patch-1
• Additional commits viewable in compare view

Updates pytest-cov to 7.1.0

Changelog

Sourced from pytest-cov's changelog.

7.1.0 (2026-03-21)

• Fixed total coverage computation to always be consistent, regardless of reporting settings. Previously some reports could produce different total counts, and consequently can make --cov-fail-under behave different depending on reporting options. See [#641](https://github.com/pytest-dev/pytest-cov/issues/641) <https://github.com/pytest-dev/pytest-cov/issues/641>_.

• Improve handling of ResourceWarning from sqlite3.

  The plugin adds warning filter for sqlite3 ResourceWarning unclosed database (since 6.2.0). It checks if there is already existing plugin for this message by comparing filter regular expression. When filter is specified on command line the message is escaped and does not match an expected message. A check for an escaped regular expression is added to handle this case.

  With this fix one can suppress ResourceWarning from sqlite3 from command line::

  pytest -W "ignore:unclosed database in <sqlite3.Connection object at:ResourceWarning" ...

• Various improvements to documentation. Contributed by Art Pelling in [#718](https://github.com/pytest-dev/pytest-cov/issues/718) <https://github.com/pytest-dev/pytest-cov/pull/718>_ and "vivodi" in [#738](https://github.com/pytest-dev/pytest-cov/issues/738) <https://github.com/pytest-dev/pytest-cov/pull/738>. Also closed [#736](https://github.com/pytest-dev/pytest-cov/issues/736) <https://github.com/pytest-dev/pytest-cov/issues/736>.

• Fixed some assertions in tests. Contributed by in Markéta Machová in [#722](https://github.com/pytest-dev/pytest-cov/issues/722) <https://github.com/pytest-dev/pytest-cov/pull/722>_.

• Removed unnecessary coverage configuration copying (meant as a backup because reporting commands had configuration side-effects before coverage 5.0).

7.0.0 (2025-09-09)

• Dropped support for subprocesses measurement.

  It was a feature added long time ago when coverage lacked a nice way to measure subprocesses created in tests. It relied on a .pth file, there was no way to opt-out and it created bad interations with coverage's new patch system <https://coverage.readthedocs.io/en/latest/config.html#run-patch>_ added in 7.10 <https://coverage.readthedocs.io/en/7.10.6/changes.html#version-7-10-0-2025-07-24>_.

  To migrate to this release you might need to enable the suprocess patch, example for .coveragerc:

  .. code-block:: ini

  [run] patch = subprocess

  This release also requires at least coverage 7.10.6.

• Switched packaging to have metadata completely in pyproject.toml and use hatchling <https://pypi.org/project/hatchling/>_ for building. Contributed by Ofek Lev in [#551](https://github.com/pytest-dev/pytest-cov/issues/551) <https://github.com/pytest-dev/pytest-cov/pull/551>_ with some extras in [#716](https://github.com/pytest-dev/pytest-cov/issues/716) <https://github.com/pytest-dev/pytest-cov/pull/716>_.

• Removed some not really necessary testing deps like six.

... (truncated)

Commits

• 66c8a52 Bump version: 7.0.0 → 7.1.0
• f707662 Make the examples use pypy 3.11.
• 6049a78 Make context test use the old ctracer (seems the new sysmon tracer behaves di...
• 8ebf20b Update changelog.
• 861d30e Remove the backup context manager - shouldn't be needed since coverage 5.0, ...
• fd4c956 Pass the precision on the nulled total (seems that there's some caching goion...
• 78c9c4e Only run the 3.9 on older deps.
• 4849a92 Punctuation.
• 197c35e Update changelog and hopefully I don't forget to publish release again :))
• 14dc1c9 Update examples to use 3.11 and make the adhoc layout example look a bit more...
• Additional commits viewable in compare view

Updates ruff to 0.15.12

Release notes

Sourced from ruff's releases.

0.15.12

Release Notes

Released on 2026-04-24.

Preview features

• Implement #ruff:file-ignore file-level suppressions (#23599)
• Implement #ruff:ignore logical-line suppressions (#23404)
• Revert preview changes to displayed diagnostic severity in LSP (#24789)
• [airflow] Implement task-branch-as-short-circuit (AIR004) (#23579)
• [flake8-bugbear] Fix break/continue handling in loop-iterator-mutation (B909) (#24440)
• [pylint] Fix PLC2701 for type parameter scopes (#24576)

Rule changes

• [pandas-vet] Suggest .array as well in PD011 (#24805)

CLI

• Respect default Unix permissions for cache files (#24794)

Documentation

• [pylint] Fix PLR0124 description not to claim self-comparison always returns the same value (#24749)
• [pyupgrade] Expand docs on reusable TypeVars and scoping (UP046) (#24153)
• Improve rules table accessibility (#24711)

Contributors

• @​dylwil3
• @​AlexWaygood
• @​woodruffw
• @​avasis-ai
• @​Dev-iL
• @​denyszhak
• @​ShipItAndPray
• @​anishgirianish
• @​augustelalande
• @​amyreese
• @​majiayu000

Install ruff 0.15.12

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ruff/releases/download/0.15.12/ruff-installer.sh | sh

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.12

Released on 2026-04-24.

Preview features

• Implement #ruff:file-ignore file-level suppressions (#23599)
• Implement #ruff:ignore logical-line suppressions (#23404)
• Revert preview changes to displayed diagnostic severity in LSP (#24789)
• [airflow] Implement task-branch-as-short-circuit (AIR004) (#23579)
• [flake8-bugbear] Fix break/continue handling in loop-iterator-mutation (B909) (#24440)
• [pylint] Fix PLC2701 for type parameter scopes (#24576)

Rule changes

• [pandas-vet] Suggest .array as well in PD011 (#24805)

CLI

• Respect default Unix permissions for cache files (#24794)

Documentation

• [pylint] Fix PLR0124 description not to claim self-comparison always returns the same value (#24749)
• [pyupgrade] Expand docs on reusable TypeVars and scoping (UP046) (#24153)
• Improve rules table accessibility (#24711)

Contributors

• @​dylwil3
• @​AlexWaygood
• @​woodruffw
• @​avasis-ai
• @​Dev-iL
• @​denyszhak
• @​ShipItAndPray
• @​anishgirianish
• @​augustelalande
• @​amyreese
• @​majiayu000

0.15.11

Released on 2026-04-16.

Preview features

• [ruff] Ignore RUF029 when function is decorated with asynccontextmanager (#24642)
• [airflow] Implement airflow-xcom-pull-in-template-string (AIR201) (#23583)
• [flake8-bandit] Fix S103 false positives and negatives in mask analysis (#24424)

... (truncated)

Commits

• 66f93cf Bump 0.15.12 (#24815)
• 476a4d0 [ty] Complete support for more detailed diagnostics on possibly unbound error...
• ed669ea Implement #ruff:file-ignore file-level suppressions (#23599)
• e73d952 [ty] Include inferred type in invalid-key concise diagnostic for union/inte...
• 80feb29 [ty] report only dead annotation-only locals as unused (#24811)
• 0fbf2bc Drop deprecated license classifier (#24808)
• 43b174c [ty] Infer lambda parameter types with Callable type context (#24317)
• 4f449ae [ty] Add error context for intersection types (#24772)
• 5b4e753 [ty] Add support for goto in literal enum member inlay hint (#24792)
• e7cc762 [ty] Add error context for TypedDict assignments (#24790)
• Additional commits viewable in compare view

Updates deptry to 0.25.1

Release notes

Sourced from deptry's releases.

0.25.1

What's Changed

Release 0.25.0 was yanked in PyPI because of a failure during the release. 0.25.1 is identical, but includes a fix in the release process.

Full Changelog: osprey-oss/deptry@0.25.0...0.25.1

Changelog

Sourced from deptry's changelog.

0.25.1 - 2025-03-18

Release 0.25.0 was yanked in PyPI because of a failure during the release. 0.25.1 is identical, but includes a fix in the release process.

0.25.0 - 2025-03-18

Repository moved to Osprey OSS

deptry has moved from fpgmaas/deptry to osprey-oss/deptry under the new Osprey OSS organisation. This ensures the project is not tied to a single account and makes it easier to manage contributors and access as the project grows.

Features

• Support inline # deptry: ignore comments to suppress violations (#1473)
• Support non-dev dependency groups with --non-dev-dependency-groups (#1440)
• Use tomli on Python < 3.15 for TOML 1.1 support (#1446)
• Add --optional-dependencies-dev-groups and deprecate --pep621-dev-dependency-groups (#1391)

Bug Fixes

• Ensure that --config does not suppress output (#1390)

Full Changelog

osprey-oss/deptry@0.24.0...0.25.0

0.24.0 - 2025-11-09

Breaking changes

Python 3.9 support dropped

Support for Python 3.9 has been dropped, as it has reached its end of life.

PyPy 3.10 support dropped, 3.11 added

Support for PyPy 3.10 has been dropped, since it is unsupported. We now only test against PyPy 3.11, and only publish wheels for this version.

Features

• Add GitHub Actions annotations reporter (#1059)
• Add support for Python 3.14 (#1224)
• Drop support for Python 3.9 (#1328)
• Publish wheels for PyPy 3.11 and drop 3.10 (#1227)

Full Changelog

osprey-oss/deptry@0.23.1...0.24.0

0.23.1 - 2025-07-30

... (truncated)

Commits

• 0c39226 Remove pinned maturin version for building windows wheels in release (#1516)
• 501a929 chore(packaging): use PEP 639 license format (#1514)
• 2d89cf4 Releasenotes for release 0.25.0 (#1510)
• ef64f93 Replace all references of fpgmaas/deptry with osprey-oss/deptry (#1513)
• fdec8c5 Add trusted publishing (#1512)
• 2e27ae2 chore(deps): update uv-version to v0.10.10 (#1503)
• 9d1f7d1 chore(deps): update pre-commit hook astral-sh/ruff-pre-commit to v0.15.6 (#1502)
• 2a5a0a6 chore(deps): update dependency mkdocs-material to v9.7.5 (#1501)
• 487f682 chore(deps): update dependency pnpm to v10.32.1 (#1506)
• 608ba46 fix(deps): update ruff rust to v0.15.6 (#1504)
• Additional commits viewable in compare view

Updates pdoc to 16.0.0

Changelog

Sourced from pdoc's changelog.

2025-10-27: pdoc 16.0.0

• pdoc has a new logo. 🐍 (#838, @​mhils)
• Add support for Python 3.14. (#843, @​mhils)
• Drop support for Python 3.9, which as reached end of life. (#842, @​mhils)
• Fix linking of identifiers that contain unicode characters. (#831, @​iFreilicht)
• Replace vendored version of markdown2 with the official upstream
• Add support for keyword args for Google flavor docs. (#840, @​aleksslitvinovs)
• Add support for Pydantic-style field docstrings, e.g. pydantic.Field(description="...") (#802, @​jinnovation)

2025-06-04: pdoc 15.0.4

• Include included HTML headers in the ToC by default by enabling markdown2's mixed=True option of the header-ids extra (#806, @​mrossinek)
• Make pdoc . work to document the module in the current directory. (#813, @​mhils)

2025-04-21: pdoc 15.0.3

• Add missing styles for Github's markdown alerts. (#796, @​Steve-Tech)

2025-04-17: pdoc 15.0.2

• Fix a bug where type aliases wouldn't be linked. (#798, @​mhils)
• Fix a bug where invalid Numpydoc docstrings would raise an exception. (#789, @​tobiscode, @​mhils)
• Improve debuggability of docstring processing (#784, @​tobiscode)
• Fix handling of URL-escaped module names (#787, @​iFreilicht)
• Embed local images referenced in docstrings with an HTML image tag (<img src="./image.png">) in addition to Markdown (![image](https://github.com/mitmproxy/pdoc/blob/main/image.png)) (#785, @​earshinov)

2024-12-12: pdoc 15.0.1

• Update Mermaid.js version. (#763, @​CodeMelted)

2024-10-11: pdoc 15.0.0

... (truncated)

Commits

• 6677d73 pdoc 16.0.0
• 3f75834 Support Pydantic model defaults + field descriptions (#802)
• f19fbf7 Add support for Python 3.14 (#843)
• 8aa648f Bump mhils/workflows in the dependencies group (#844)
• b782455 Add support for keyword args for Google flavor docs (#840)
• 34c7759 Drop Support for Python 3.9 (#842)
• 0f27371 fix: remove hard-coded pdoc mention from title in template (#841)
• a12c236 Add new pdoc logo (#838)
• 0f308ab Bump mhils/workflows in the dependencies group (#837)
• 7c880c5 Replace vendored markdown2 w/ official upstream (#836)
• Additional commits viewable in compare view

Updates uv-build to 0.11.11

Release notes

Sourced from uv-build's releases.

0.11.11

Release Notes

Released on 2026-05-06.

Bug fixes

• Accept legacy ID format from pre-0.11.9 cache entries (#19301)

Install uv 0.11.11

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.11/uv-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/uv/releases/download/0.11.11/uv-installer.ps1 | iex"

Download uv 0.11.11

File	Platform	Checksum
uv-aarch64-apple-darwin.tar.gz	Apple Silicon macOS	checksum
uv-x86_64-apple-darwin.tar.gz	Intel macOS	checksum
uv-aarch64-pc-windows-msvc.zip	ARM64 Windows	checksum
uv-i686-pc-windows-msvc.zip	x86 Windows	checksum
uv-x86_64-pc-windows-msvc.zip	x64 Windows	checksum
uv-aarch64-unknown-linux-gnu.tar.gz	ARM64 Linux	checksum
uv-i686-unknown-linux-gnu.tar.gz	x86 Linux	checksum
uv-powerpc64le-unknown-linux-gnu.tar.gz	PPC64LE Linux	checksum
uv-riscv64gc-unknown-linux-gnu.tar.gz	RISCV Linux	checksum
uv-s390x-unknown-linux-gnu.tar.gz	S390x Linux	checksum
uv-x86_64-unknown-linux-gnu.tar.gz	x64 Linux	checksum
uv-armv7-unknown-linux-gnueabihf.tar.gz	ARMv7 Linux	checksum
uv-aarch64-unknown-linux-musl.tar.gz	ARM64 MUSL Linux	checksum
uv-i686-unknown-linux-musl.tar.gz	x86 MUSL Linux	checksum
uv-riscv64gc-unknown-linux-musl.tar.gz	RISCV MUSL Linux	checksum
uv-x86_64-unknown-linux-musl.tar.gz	x64 MUSL Linux	checksum
uv-arm-unknown-linux-musleabihf.tar.gz	ARMv6 MUSL Linux (Hardfloat)	checksum
uv-armv7-unknown-linux-musleabihf.tar.gz	ARMv7 MUSL Linux	checksum

Verifying GitHub Artifact Attestations

The artifacts in this release have attestations generated with GitHub Artifact Attestations. These can be verified by using the GitHub CLI:

</tr></table> 

... (truncated)

Changelog

Sourced from uv-build's changelog.

0.11.11

Released on 2026-05-06.

Bug fixes

• Accept legacy ID format from pre-0.11.9 cache entries (#19301)

0.11.10

Released on 2026-05-05.

Bug fixes

• Allow pre-release Python requests with non-zero patch versions (#19286)

0.11.9

Released on 2026-05-04.

This release includes a special release candidate for the next Python 3.14 patch release. Python 3.14 included a new garbage collection implementation, which reduced pause times but caused significant unexpected memory pressure in production environments. In 3.14.5 and 3.15, the previous garbage collection implementation will be restored.

We would greatly appreciate if you tested the 3.14.5rc1 version included in this release. The stable version is expected to be released soon and any feedback on potential issues would be helpful to the Python development team.

For more context, see the announcement, issue, and pull request.

Issues with the new release can be reported in the uv or CPython issue trackers.

Python

• Upgrade PyPy to v7.3.22
• Add CPython 3.14.5rc1
• On macOS, CPython statically links libpython to match Linux

Enhancements

• Omit compatible release desugaring for pre-release hints (#19267)
• Fix file locks on Android (#18323)

Preview

• uv audit add reporting for adverse project statuses (#19128)

Bug fixes

• Discover versioned Python executables when requires-python pins a version (#18700)
• Fix URL prefix matching to require path boundaries (#19154)
• Fix transitive Git path dependencies in lockfiles (#19269)
• Handle incorrect unlock error in LockedFile::drop on Wine (#19229)
• Prevent uninstalling site-packages for empty top_level.txt in .egg-info (#19114)

... (truncated)

Commits

• ed7b060 Bump version to 0.11.11 (#19303)
• ec4590d Continue docs/versions/mirror publish on crates.io failure (#19302)
• b80d791 fix(cache): accept legacy ID format from pre-0.11.9 cache entries (#19298) (#...
• add376f Bump version to 0.11.10 (#19293)
• f895a30 Add job to prepare a release branch (#19292)
• 3ff510a Increase the timeout for crates.io publishes (#19287)
• 3072810 Allow releases to continue on failure to publish to crates.io (#19291)
• 2efecda Allow pre-release Python requests with non-zero patch versions (#19286)
• e5d20c6 Fix pre-release handling in the manual release script (#19276)
• 7829a03 Bump version to 0.11.9 (#19273)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Tests	Skipped	Failures	Errors	Time
781	0 💤	0 ❌	0 🔥	11.816s ⏱️

[nx10]

@dependabot rebase

[dependabot]

The dependabot.yml entry that created this PR has been deleted so this PR can't be rebased. Please close the PR so Dependabot can create a new one with the current dependabot.yml.

[kaitj]

@nx10, I think this might be superceded by #340?