Bump the poetry-dependencies group with 19 updates

[dependabot]

Bumps the poetry-dependencies group with 19 updates:

Package	From	To
oracledb	3.4.1	3.4.2
ruff	0.14.13	0.14.14
types-python-dateutil	2.9.0.20251115	2.9.0.20260124
coverage	7.13.1	7.13.2
cryptography	46.0.3	46.0.4
debugpy	1.8.19	1.8.20
google-auth	2.47.0	2.48.0
multidict	6.7.0	6.7.1
packaging	25.0	26.0
pathspec	1.0.3	1.0.4
protobuf	6.33.4	6.33.5
psutil	7.2.1	7.2.2
pycparser	2.23	3.0
pyjwt	2.10.1	2.11.0
pytokens	0.4.0	0.4.1
soupsieve	2.8.2	2.8.3
types-deprecated	1.3.1.20251101	1.3.1.20260130
wcwidth	0.2.14	0.5.3
wrapt	2.0.1	2.1.0

Updates oracledb from 3.4.1 to 3.4.2

Release notes

Sourced from oracledb's releases.

v3.4.2

python-oracledb 3.4.2 is now released. This release addresses a number of issues. See the full release notes for all of the details.

Commits

• 51581ee Preparing to release python-oracledb 3.4.2.
• 81ceb55 Fixed bug which caused Connection.call_timeout to be reset to zero when
• 4a94025 Eliminated memory leak when converting a third party data frame to one
• 36a2951 Fixed bug when decoding PL/SQL booleans in Oracle Database 12.1 (#565).
• 6072f01 Grammar fix.
• f8be001 Fixed bug causing hang when using asyncio and the database closes the
• 6e0d8b9 Eliminated race condition in background thread/coroutine management for
• 40200bf Adjusted code and tests to be capable of being run in environments other
• 36f8899 Added support for ingesting Arrow arrays which only consist of null
• 7bf23b6 Fixed bug when calling Cursor.executemany() with all of the values in at
• Additional commits viewable in compare view

Updates ruff from 0.14.13 to 0.14.14

Release notes

Sourced from ruff's releases.

0.14.14

Release Notes

Released on 2026-01-22.

Preview features

• Preserve required parentheses in lambda bodies (#22747)
• Combine range suppression code diagnostics (#22613)
• [airflow] Second positional argument to Asset/Dataset should not be a dictionary (AIR303) (#22453)
• [ruff] Detect duplicate entries in __all__ (RUF068) (#22114)

Bug fixes

• [pyupgrade] Allow shadowing non-builtin bindings (UP029) (#22749)
• [pyupgrade] Apply UP045 to string arguments of typing.cast (#22320)
• [flake8-pie] Detect duplicated declared class fields in PIE794 (#22717)

Rule changes

• [flake8-pyi] Fix inconsistent handling of forward references for __new__, __enter__, __aenter__ in PYI034 (#22798)
• [flake8-pytest-style] Support check parameter in PT011 (#22725)
• [ruff] Add exception for ctypes.Structure._fields_ (RUF012) (#22559)
• Many fixes are now marked unsafe if they would remove comments:
  • [flake8-bugbear] B009, B010, B013, B014, B033
  • [flake8-simplify] SIM910, SIM911
  • [pyupgrade] UP007, UP039, UP041, UP045
  • [refurb] FURB105, FURB116, FURB136, FURB140, FURB145, FURB154, FURB157, FURB164,FURB181, FURB188
  • [ruff] RUF019, RUF020

Documentation

• Add --exit-non-zero-on-format to formatter exit codes section (#22761)
• Update contributing guide for adding a new rule (#22779)
• [FastAPI] Document fix safety for FAST001 (#22655)
• [flake8-async] Tweak explanation to focus on latency/efficiency tradeoff (ASYNC110) (#22715)
• [pandas-vet] Make example error out-of-the-box (PD002) (#22561)
• [refurb] Make the example work out of box (FURB101) (#22770)
• [refurb] Make the example work out of box (FURB103) (#22769)

Contributors

• @​alejsdev
• @​ntBre
• @​caiquejjx
• @​chirizxc
• @​denyszhak
• @​sjyangkevin
• @​MeGaGiGaGon
• @​leandrobbraga

... (truncated)

Changelog

Sourced from ruff's changelog.

0.14.14

Released on 2026-01-22.

Preview features

• Preserve required parentheses in lambda bodies (#22747)
• Combine range suppression code diagnostics (#22613)
• [airflow] Second positional argument to Asset/Dataset should not be a dictionary (AIR303) (#22453)
• [ruff] Detect duplicate entries in __all__ (RUF068) (#22114)

Bug fixes

• [pyupgrade] Allow shadowing non-builtin bindings (UP029) (#22749)
• [pyupgrade] Apply UP045 to string arguments of typing.cast (#22320)
• [flake8-pie] Detect duplicated declared class fields in PIE794 (#22717)

Rule changes

• [flake8-pyi] Fix inconsistent handling of forward references for __new__, __enter__, __aenter__ in PYI034 (#22798)
• [flake8-pytest-style] Support check parameter in PT011 (#22725)
• [ruff] Add exception for ctypes.Structure._fields_ (RUF012) (#22559)
• Many fixes are now marked unsafe if they would remove comments:
  • [flake8-bugbear] B009, B010, B013, B014, B033
  • [flake8-simplify] SIM910, SIM911
  • [pyupgrade] UP007, UP039, UP041, UP045
  • [refurb] FURB105, FURB116, FURB136, FURB140, FURB145, FURB154, FURB157, FURB164,FURB181, FURB188
  • [ruff] RUF019, RUF020

Documentation

• Add --exit-non-zero-on-format to formatter exit codes section (#22761)
• Update contributing guide for adding a new rule (#22779)
• [FastAPI] Document fix safety for FAST001 (#22655)
• [flake8-async] Tweak explanation to focus on latency/efficiency tradeoff (ASYNC110) (#22715)
• [pandas-vet] Make example error out-of-the-box (PD002) (#22561)
• [refurb] Make the example work out of box (FURB101) (#22770)
• [refurb] Make the example work out of box (FURB103) (#22769)

Contributors

• @​alejsdev
• @​ntBre
• @​caiquejjx
• @​chirizxc
• @​denyszhak
• @​sjyangkevin
• @​MeGaGiGaGon
• @​leandrobbraga
• @​MichaReiser

... (truncated)

Commits

• 8b2e7b3 Prepare release v0.14.14 (#22813)
• 4c7d1f5 [ty] Infer TypedDict types with >=1 required key as being always truthy (#2...
• b7de434 add CCfW hooks (#22803)
• b912dfc [pyupgrade] Apply UP045 to string arguments of typing.cast (#22320)
• 1ff062d [ty] Improve completion rankings for raise-from/except contexts (#22775)
• 7e408a5 Update dependency wrangler to v4.59.1 (#22793)
• ceb876b [flake8-pyi] Fix inconsistent handling of forward references for __new__,...
• c5b4ee6 [ty] Support solving generics involving PEP 695 type aliases (#22678)
• b9a6129 [ty] Improve support for kwarg splats in dictionary literals (#22781)
• f516d47 Update contributing guide for adding a new rule (#22779)
• Additional commits viewable in compare view

Updates types-python-dateutil from 2.9.0.20251115 to 2.9.0.20260124

Commits

• See full diff in compare view

Updates coverage from 7.13.1 to 7.13.2

Changelog

Sourced from coverage's changelog.

Version 7.13.2 — 2026-01-25

• Fix: when Python is installed via symlinks, for example with Homebrew, the standard library files could be incorrectly included in coverage reports. This is now fixed, closing issue 2115_.

• Fix: if a data file is created with no read permissions, the combine step would fail completely. Now a warning is issued and the file is skipped. Closes issue 2117_.

.. _issue 2115: coveragepy/coveragepy#2115 .. _issue 2117: coveragepy/coveragepy#2117

.. _changes_7-13-1:

Commits

• 513e971 docs: sample HTML for 7.13.2
• 27a8230 docs: prep for 7.13.2
• 27d8daa refactor: plural does more
• a2f248c fix: stdlib might be through a symlink. #2115
• bc52a22 debug: re-organize Matchers to show more of what they do
• f338d81 debug: build is a tuple, don't show it on two lines
• 92020e4 refactor(test): convert to parametrized
• 6387d0a test: let (most) tests run with no network
• 1d31e33 build: workflows sometimes need more than 10 min
• 6294978 refactor: an error message is now uniform across versions
• Additional commits viewable in compare view

Updates cryptography from 46.0.3 to 46.0.4

Changelog

Sourced from cryptography's changelog.

46.0.4 - 2026-01-27

* `Dropped support for win_arm64 wheels`_.
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.5.
.. _v46-0-3:

Commits

• e6f44fc bump for 46.0.4 and drop win arm64 due to CI issues (#14217)
• See full diff in compare view

Updates debugpy from 1.8.19 to 1.8.20

Release notes

Sourced from debugpy's releases.

debugpy v1.8.20

Fixes for:

• annotate in 3.14 causing exceptions: microsoft/debugpy#1971

Enhancements:

• Use remote_exec if available: microsoft/debugpy@c7e86a1
• Support more architectures: microsoft/debugpy@1bbecdf

Infrastructure work:

• Support devcontainers for development: microsoft/debugpy@7dbc229

Thanks to @​rameshvarun, @​Xeonacid, and @​pdepetro for the commits

Commits

• 7ac3d1f Try 6 on this file (#1995)
• e164613 O365 new advice (#1994)
• 4cbf8b1 Try another suppression (#1993)
• ea9fcae Try a different way to suppress binskim problems (#1992)
• ea2746a Add LTCG flags to compile_windows.bat for BinSkim BA6006 compliance (#1991)
• 7dbc229 Added devcontainer specification (#1989)
• bb450fc Fix: Treat annotate functions as library code in Python 3.14+ (#1988)
• 1bbecdf Better experience for unsupported arch (#1984)
• c7e86a1 Use sys.remote_exec() to attach to pid, if available (#1986)
• See full diff in compare view

Updates google-auth from 2.47.0 to 2.48.0

Release notes

Sourced from google-auth's releases.

google-auth 2.48.0

2.48.0 (2026-01-21)

Features

• honor NO_GCE_CHECK environment variable (#1610) (383c9827)

• add configurable GCE Metadata Server retries (#1488) (454b441b)

• add cryptography as required dependency (#1929) (52558ae2)

• Support the mTLS IAM domain for Certificate based Access (#1938) (8dcf91a1)

Bug Fixes

• resolve circular imports (#1942) (25c1b064)

• Use user_verification=preferred for ReAuth WebAuthn challenge (#1798) (3f88a240)

• removes content-header from AWS IMDS get request (#1934) (97bfea9e)

• detect correct auth when ADC env var is set but empty (#1374) (bfc07e10)

• replace deprecated utcfromtimestamp (#1799) (e431f20c)

v2.48.0rc0

2.48.0rc0 (2026-01-20)

Features

• honor NO_GCE_CHECK environment variable (#1610) (383c98)
• add configurable GCE Metadata Server retries (#1488) (454b44)
• support mTLS IAM domain for Certificate based Access (#1938) (8dcf91)
• add cryptography as required dependency (#1929) (52558a)

Bug Fixes

• Use user_verification=preferred for ReAuth WebAuthn challenge (#1798) (3f88a2)
• replace deprecated utcfromtimestamp (#1799) (e431f2)
• detect correct auth when ADC env var is set by empty (#1374) (bfc07e)
• removed content-header from AWS IMDS (#1934) (97bfea)
• resolve circular imports (#1942) (25c1b0)

Changelog

Sourced from google-auth's changelog.

2.48.0 (2026-01-22)

Features

• add cryptography as required dependency (#1929) (52558ae2881b1e6555f6f5c0d76365c15807ead9)
• Support the mTLS IAM domain for Certificate based Access (#1938) (8dcf91a1b05c85fbbd0bcee78d66e498099102ab)
• add configurable GCE Metadata Server retries (#1488) (454b441b478ec62bbf1a6ad5bceb6c7cbbfd0c37)
• honor NO_GCE_CHECK environment variable (#1610) (383c9827536d9376e8248370ce4c2b83e468d027)

Bug Fixes

• resolve circular imports (#1942) (25c1b064545702cbef087cfcd15fbbb6ef1af74f)
• removes content-header from AWS IMDS get request (#1934) (97bfea9e02ede953fc8ee154e0deed3a3cfc6dcc)
• detect correct auth when ADC env var is set but empty (#1374) (bfc07e1050bd0aa86fa3b08cdf70c9b68b5fe6a2)
• replace deprecated utcfromtimestamp (#1799) (e431f20cf73ccac71926a23ec454468cea92e053)
• Use user_verification=preferred for ReAuth WebAuthn challenge (#1798) (3f88a24089c4ee6822d510de0db210b54260d873)

Commits

• 6a982be chore: librarian release pull request: 20260121T162706Z (#1946)
• 526d6c6 chore(tests): add cryptography to constraints file (#1944)
• 52558ae feat: add cryptography as required dependency (#1929)
• 8dcf91a feat(iam): Support the mTLS IAM domain for Certificate based Access (#1938)
• db17a64 chore(tests): add sleep mocks (#1943)
• 25c1b06 fix: resolve circular imports (#1942)
• e5a28b5 tests: system tests for expired User Credentials (#1937)
• 4292ab0 chore(deps): update dependency google-cloud-compute to v1.42.0 (#1939)
• 4848ac4 chore: extracts unit tests to individual github actions (#1941)
• 71e6e8e chore: dedent deprecation warning message (#1932)
• Additional commits viewable in compare view

Updates multidict from 6.7.0 to 6.7.1

Release notes

Sourced from multidict's releases.

6.7.1

Bug fixes

• Fixed slow memory leak caused by identity by adding Py_DECREF to identity value before leaving md_pop_one on success -- by :user:Vizonex.

  Related issues and pull requests on GitHub: #1284.

---

Changelog

Sourced from multidict's changelog.

6.7.1

(2026-01-25)

Bug fixes

• Fixed slow memory leak caused by identity by adding Py_DECREF to identity value before leaving md_pop_one on success -- by :user:Vizonex.

  Related issues and pull requests on GitHub: :issue:1284.

---

Commits

• 39d3c32 Release 6.7.1 (#1289)
• 77bb95e Fix memory leak caused by identity when default value is inplace (#1284)
• 87dd4a4 Bump dependabot/fetch-metadata from 2.4.0 to 2.5.0 (#1287)
• 6c76412 Bump actions/cache from 4 to 5 (#1275)
• b91a033 Bump actions/upload-artifact from 4 to 6 (#1277)
• 84bf82c Bump psutil from 7.1.3 to 7.2.1 (#1279)
• 3f7b3ce Bump pypa/cibuildwheel from 3.3.0 to 3.3.1 (#1280)
• bbae902 Bump sigstore/gh-action-sigstore-python from 3.1.0 to 3.2.0 (#1274)
• 000b5b0 Remove follow_untyped_imports for mypy-sphinx (#1286)
• 3d2d630 Bump actions/download-artifact from 6 to 7 (#1276)
• Additional commits viewable in compare view

Updates packaging from 25.0 to 26.0

Release notes

Sourced from packaging's releases.

26.0

Read about the performance improvements here: https://iscinumpy.dev/post/packaging-faster.

What's Changed

Features:

• PEP 751: support pylock by @​sbidoul in pypa/packaging#900
• PEP 794: import name metadata by @​brettcannon in pypa/packaging#948
• Support writing metadata by @​henryiii in pypa/packaging#846
• Support __replace__ for Version by @​henryiii in pypa/packaging#1003
• Support positional pattern matching for Version and Specifier by @​henryiii in pypa/packaging#1004

Behavior adaptations:

• PEP 440 handling of prereleases for Specifier.contains, SpecifierSet.contains, and SpecifierSet.filter by @​notatallshaw in pypa/packaging#897
• Handle PEP 440 edge case in SpecifierSet.filter by @​notatallshaw in pypa/packaging#942
• Adjust arbitrary equality intersection preservation in SpecifierSet by @​notatallshaw in pypa/packaging#951
• Return False instead of raising for .contains with invalid version by @​Liam-DeVoe in pypa/packaging#932
• Support arbitrary equality on arbitrary strings for Specifier and SpecifierSet's filter and contains method. by @​notatallshaw in pypa/packaging#954
• Only try to parse as Version on certain marker keys, return False on unequal ordered comparsions by @​JP-Ellis in pypa/packaging#939

Fixes:

• Update _hash when unpickling Tag() by @​dholth in pypa/packaging#860
• Correct comment and simplify implicit prerelease handling in Specifier.prereleases by @​notatallshaw in pypa/packaging#896
• Use explicit _GLibCVersion NamedTuple in _manylinux by @​cthoyt in pypa/packaging#868
• Detect invalid license expressions containing () by @​bwoodsend in pypa/packaging#879
• Correct regex for metadata 'name' format by @​di in pypa/packaging#925
• Improve the message around expecting a semicolon by @​pradyunsg in pypa/packaging#833
• Support nested parens in license expressions by @​Liam-DeVoe in pypa/packaging#931
• Add space before at symbol in Requirements string by @​henryiii in pypa/packaging#953
• A root logger use found by ruff LOG, use packaging logger instead by @​henryiii in pypa/packaging#965
• Better support for subclassing Marker and Requirement by @​henryiii in pypa/packaging#1022
• Normalize all extras, not just if it comes first by @​henryiii in pypa/packaging#1024
• Don't produce a broken repr if Marker fails to construct by @​henryiii in pypa/packaging#1033

Performance:

• Avoid recompiling regexes in the tokenizer for a 3x speedup by @​hauntsaninja in pypa/packaging#1019
• Improve performance in _manylinux.py by @​cthoyt in pypa/packaging#869
• Minor cleanups to Version by @​bearomorphism in pypa/packaging#913
• Skip redundant creation of Versions in specifier comparison by @​notatallshaw in pypa/packaging#986
• Cache Specifier's Version by @​notatallshaw in pypa/packaging#985
• Make Version a little faster by @​henryiii in pypa/packaging#987
• Minor Version regex cleanup by @​henryiii in pypa/packaging#990
• Faster regex on Python 3.11.5+ by @​henryiii in pypa/packaging#988 and pypa/packaging#1055
• Lazily calculate _key in Version by @​notatallshaw in pypa/packaging#989 and regression for packaging_legacy fixed by @​henryiii in pypa/packaging#1048
• Faster canonicalize_version by @​henryiii in pypa/packaging#993
• Use fullmatch in a couple more places by @​henryiii in pypa/packaging#992

... (truncated)

Changelog

Sourced from packaging's changelog.

26.0 - 2026-01-20

Features:

PEP 751: support pylock (:pull:900)
PEP 794: import name metadata (:pull:948)
Support for writing metadata to a file (:pull:846)
Support __replace__ on Version (:pull:1003)
Support positional pattern matching for Version and SpecifierSet (:pull:1004)

Behavior adaptations:

PEP 440 handling of prereleases for Specifier.contains, SpecifierSet.contains, and SpecifierSet.filter (:pull:897)
Handle PEP 440 edge case in SpecifierSet.filter (:pull:942)
Adjust arbitrary equality intersection preservation in SpecifierSet (:pull:951)
Return False instead of raising for .contains with invalid version (:pull:932)
Support arbitrary equality on arbitrary strings for Specifier and SpecifierSet's filter and contains method. (:pull:954)
Only try to parse as Version on certain marker keys, return False on unequal ordered comparisons (:pull:939)

Fixes:

Update _hash when unpickling Tag() (:pull:860)
Correct comment and simplify implicit prerelease handling in Specifier.prereleases (:pull:896)
Use explicit _GLibCVersion NamedTuple in _manylinux (:pull:868)
Detect invalid license expressions containing () (:pull:879)
Correct regex for metadata 'name' format (:pull:925)
Improve the message around expecting a semicolon (:pull:833)
Support nested parens in license expressions (:pull:931)
Add space before at symbol in Requirements string (:pull:953)
A root logger use found, use a packaging logger instead (:pull:965)
Better support for subclassing Marker and Requirement (:pull:1022)
Normalize all extras, not just if it comes first (:pull:1024)
Don't produce a broken repr if Marker fails to construct (:pull:1033)

Performance:

Avoid recompiling regexes in the tokenizer for a 3x speedup (:pull:1019)
Improve performance in _manylinux.py (:pull:869)
Minor cleanups to Version (:pull:913)
Skip redundant creation of Version's in specifier comparison (:pull:986)
Cache the Specifier's Version (:pull:985)
Make Version a little faster (:pull:987)
Minor Version regex cleanup (:pull:990)
Faster regex on Python 3.11.5+ for Version (:pull:988, :pull:1055)
Lazily calculate _key in Version (:pull:989, :pull:1048)
Faster canonicalize_version (:pull:993)
Use re.fullmatch in a couple more places (:pull:992, :pull:1029)
Use map instead of generator (:pull:996)
Deprecate ._version (_Version, a NamedTuple) (:pull:995, :pull:1062)

</tr></table>

... (truncated)

Commits

• 3b77a26 Bump for release
• 31371cc docs: prepare for 26.0 final (#1063)
• 9627a88 perf: dual replace (#1064)
• d5398b8 fix: restore ._version as a compat shim (#1062)
• 3a7b600 Bump for development
• d4eefdc Bump for release
• 4618912 docs: prepare for 26.0rc3 (#1060)
• 0cf1b41 ci: test on first public release of CPythons (#1056)
• 716beb1 perf: 10% faster stripping zeros (#1058)
• 350a230 fix: support CPython 3.11.0-3.11.4 and older PyPy3.11 (#1055)
• Additional commits viewable in compare view

Updates pathspec from 1.0.3 to 1.0.4

Release notes

Sourced from pathspec's releases.

v1.0.4

Release v1.0.4. See CHANGES.rst.

Changelog

Sourced from pathspec's changelog.

1.0.4 (2026-01-26)

• Issue [#103](https://github.com/cpburnz/python-pathspec/issues/103)_: Using re2 fails if pyre2 is also installed.

.. _Issue [#103](https://github.com/cpburnz/python-pathspec/issues/103): cpburnz/python-pathspec#103

Commits

• 39f02a9 Release v1.0.4
• 529c0f8 Improve testpypi
• 01057ce Fix 103
• 593a859 Improve testpypi
• See full diff in compare view

Updates protobuf from 6.33.4 to 6.33.5

Release notes

Sourced from protobuf's releases.

Protocol Buffers v34.0-rc1

Announcements

• This version includes breaking changes to: C++, Objective-C, PHP, Python.
• [Bazel] Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (protocolbuffers/protobuf@0a5c2f6)
• [C++] Make generator headers private (protocolbuffers/protobuf@3a2af35)
• [C++] Add a debug check that the target of CopyFrom is not a descendant of the source. (protocolbuffers/protobuf@7a75898)
• [C++] Add [[nodiscard]] to many APIs. (protocolbuffers/protobuf@a70115f)
• [C++] Make the arena-enabled constructors of RepeatedField, RepeatedPtrField, and Map private. (protocolbuffers/protobuf@ef890c3)
• [C++] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (protocolbuffers/protobuf@b76faa9)
• [C++] Removes proto2::util::MessageDifferencer::AddIgnoreCriteria that takes a raw pointer as an argument in favor of the overload that takes a unique_ptr. Remove macro PROTOBUF_FUTURE_REMOVE_ADD_IGNORE_CRITERIA (protocolbuffers/protobuf@b115358)
• [C++] Remove deprecated FieldDescriptor::has_optional_keyword() in OSS. Use is_repeated() or has_presence() instead (protocolbuffers/protobuf@68346ec)
• [C++] Remove AddUnusedImportTrackFile() and ClearUnusedImportTrackFiles(). Remove PROTOBUF_FUTURE_RENAME_ADD_UNUSED_IMPORT (protocolbuffers/protobuf@837a2cd)
• [C++] Remove deprecated FieldDescriptor::is_optional() in OSS. Use (!is_required() && !is_repeated()) instead (protocolbuffers/protobuf@9dbc5d4)
• [C++] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (protocolbuffers/protobuf@c301c2c)
• [C++] All entity names have length limit (2afb0dc)
• [ObjC] Remove generate_minimal_imports generation option warning (protocolbuffers/protobuf@45b1297)
• [ObjC] Fix nullability annotations on some GPB*Dictionary types. (protocolbuffers/protobuf@ea67d6d)
• [ObjC] Remove -[GPBFieldDescriptor optional] (