build: Bump the python group across 1 directory with 6 updates

[dependabot]

Bumps the python group with 6 updates in the / directory:

Package	From	To
poetry	2.1.3	2.2.1
isort	6.0.1	6.1.0
ruff	0.13.0	0.14.3
mypy	1.17.1	1.18.2
pyupgrade	3.20.0	3.21.0
hypothesis	6.138.15	6.141.1

Updates poetry from 2.1.3 to 2.2.1

Release notes

Sourced from poetry's releases.

2.2.1

Fixed

• Fix an issue where poetry self show failed with a message about an invalid output format (#10560).

Docs

• Remove outdated statements about dependency groups (#10561).

poetry-core (2.2.1)

• Fix an issue where it was not possible to declare a PEP 735 dependency group as optional (#888).

2.2.0

Added

• Add support for nesting dependency groups (#10166).
• Add support for PEP 735 dependency groups (#10130).
• Add support for PEP 639 license clarity (#10413).
• Add a --format option to poetry show to alternatively output json format (#10487).
• Add official support for Python 3.14 (#10514).

Changed

• Normalize dependency group names (#10387).
• Change installer.no-binary and installer.only-binary so that explicit package names will take precedence over :all: (#10278).
• Improve log output during poetry install when a wheel is built from source (#10404).
• Improve error message in case a file lock could not be acquired while cloning a git repository (#10535).
• Require dulwich>=0.24.0 (#10492).
• Allow virtualenv>=20.33 again (#10506).
• Allow findpython>=0.7 (#10510).
• Allow importlib-metadata>=8.7 (#10511).

Fixed

• Fix an issue where poetry new did not create the project structure in an existing empty directory (#10431).
• Fix an issue where a dependency that was required for a specific Python version was not installed into an environment of a pre-release Python version (#10516).

poetry-core (2.2.0)

• Deprecate table values and values that are not valid SPDX expressions for [project.license] (#870).
• Fix an issue where explicitly included files that are in .gitignore were not included in the distribution (#874).
• Fix an issue where marker operations could result in invalid markers (#875).

2.1.4

Changed

• Require virtualenv<20.33 to work around an issue where Poetry uses the wrong Python version (#10491).
• Improve the error messages for the validation of the pyproject.toml file (#10471).

... (truncated)

Changelog

Sourced from poetry's changelog.

[2.2.1] - 2025-09-21

Fixed

• Fix an issue where poetry self show failed with a message about an invalid output format (#10560).

Docs

• Remove outdated statements about dependency groups (#10561).

poetry-core (2.2.1)

• Fix an issue where it was not possible to declare a PEP 735 dependency group as optional (#888).

[2.2.0] - 2025-09-14

Added

• Add support for nesting dependency groups (#10166).
• Add support for PEP 735 dependency groups (#10130).
• Add support for PEP 639 license clarity (#10413).
• Add a --format option to poetry show to alternatively output json format (#10487).
• Add official support for Python 3.14 (#10514).

Changed

• Normalize dependency group names (#10387).
• Change installer.no-binary and installer.only-binary so that explicit package names will take precedence over :all: (#10278).
• Improve log output during poetry install when a wheel is built from source (#10404).
• Improve error message in case a file lock could not be acquired while cloning a git repository (#10535).
• Require dulwich>=0.24.0 (#10492).
• Allow virtualenv>=20.33 again (#10506).
• Allow findpython>=0.7 (#10510).
• Allow importlib-metadata>=8.7 (#10511).

Fixed

• Fix an issue where poetry new did not create the project structure in an existing empty directory (#10431).
• Fix an issue where a dependency that was required for a specific Python version was not installed into an environment of a pre-release Python version (#10516).

poetry-core (2.2.0)

• Deprecate table values and values that are not valid SPDX expressions for [project.license] (#870).
• Fix an issue where explicitly included files that are in .gitignore were not included in the distribution (#874).
• Fix an issue where marker operations could result in invalid markers (#875).

[2.1.4] - 2025-08-05

Changed

... (truncated)

Commits

• b9e5d79 release: bump version to 2.2.1
• 8539022 docs: remove outdated statements (#10561)
• 8e3c537 fix poetry self show (#10560)
• 4dba0e1 release: bump version to 2.2.0
• 0575399 ensure Python 3.14 compatibility (#10514)
• 651a8c0 tests: make tests independent of currently available Python versions (#10547)
• 19146aa tests: fix deprecation warning (#10545)
• c067095 keep deprecation a little longer since it does not really hurt (#10544)
• 2516335 docs: add dependency-groups example with include-group (#10543)
• 985449a chore: update actions (#10542)
• Additional commits viewable in compare view

Updates isort from 6.0.1 to 6.1.0

Release notes

Sourced from isort's releases.

6.1.0

Changes

• Update docs discussions channel (#2410) @​staticdev
• Add python 3.14 classifier and badge (#2409) @​staticdev
• Drop use of non-standard pkg_resources API (#2405) @​dvarrazzo
• Use working isort version in pre-commit example (#2402) @​iainelder
• fix typo in _get_files_from_dir_cached test (#2392) @​tiltingpenguin
• Resolve bandit warnings (#2379) @​kurtmckee
• Add tox for cross-platform, parallel test suite execution (#2378) @​kurtmckee
• Add Project URLs to PyPI Side Panel (#2387) @​guillermodotn
• Fix typos (#2376) @​co63oc

👷 Continuous Integration

• Add make bash scripts portable (#2377) @​staticdev

📦 Dependencies

• Bump actions/checkout from 4 to 5 in the github-actions group (#2406) @dependabot[bot]
• Bump astral-sh/setup-uv from 5 to 6 in the github-actions group (#2395) @dependabot[bot]

Changelog

Sourced from isort's changelog.

6.1.0 October 1 2025

• Add python 3.14 classifier and badge (#2409) @​staticdev
• Drop use of non-standard pkg_resources API (#2405) @​dvarrazzo

Commits

• ec0efae Merge pull request #2410 from PyCQA/docs/discussion
• 8af675f Update docs discussions channel
• a03dae8 Merge pull request #2409 from PyCQA/build/py314-classifier
• 2232a26 Add python 3.14 classifier and badge
• ec48dd7 Merge pull request #2405 from dvarrazzo/fix/drop-pkg-resources
• be46cd4 refactor: make importlib metadata package import lazy
• 18ecd0c chore: drop branch guarding unsupported Python versions
• 1d42e56 fix: drop use of non-standard pkg_resources API
• 0c8fc82 Merge pull request #2406 from PyCQA/dependabot/github_actions/github-actions-...
• 3478763 Bump actions/checkout from 4 to 5 in the github-actions group
• Additional commits viewable in compare view

Updates ruff from 0.13.0 to 0.14.3

Release notes

Sourced from ruff's releases.

0.14.3

Release Notes

Released on 2025-10-30.

Preview features

• Respect --output-format with --watch (#21097)
• [pydoclint] Fix false positive on explicit exception re-raising (DOC501, DOC502) (#21011)
• [pyflakes] Revert to stable behavior if imports for module lie in alternate branches for F401 (#20878)
• [pylint] Implement stop-iteration-return (PLR1708) (#20733)
• [ruff] Add support for additional eager conversion patterns (RUF065) (#20657)

Bug fixes

• Fix finding keyword range for clause header after statement ending with semicolon (#21067)
• Fix syntax error false positive on nested alternative patterns (#21104)
• [ISC001] Fix panic when string literals are unclosed (#21034)
• [flake8-django] Apply DJ001 to annotated fields (#20907)
• [flake8-pyi] Fix PYI034 to not trigger on metaclasses (PYI034) (#20881)
• [flake8-type-checking] Fix TC003 false positive with future-annotations (#21125)
• [pyflakes] Fix false positive for __class__ in lambda expressions within class definitions (F821) (#20564)
• [pyupgrade] Fix false positive for TypeVar with default on Python <3.13 (UP046,UP047) (#21045)

Rule changes

• Add missing docstring sections to the numpy list (#20931)
• [airflow] Extend airflow.models..Param check (AIR311) (#21043)
• [airflow] Warn that airflow....DAG.create_dagrun has been removed (AIR301) (#21093)
• [refurb] Preserve digit separators in Decimal constructor (FURB157) (#20588)

Server

• Avoid sending an unnecessary "clear diagnostics" message for clients supporting pull diagnostics (#21105)

Documentation

• [flake8-bandit] Fix correct example for S308 (#21128)

Other changes

• Clearer error message when line-length goes beyond threshold (#21072)

Contributors

• @​danparizher
• @​jvacek
• @​ntBre
• @​augustelalande
• @​prakhar1144

... (truncated)

Changelog

Sourced from ruff's changelog.

0.14.3

Released on 2025-10-30.

Preview features

• Respect --output-format with --watch (#21097)
• [pydoclint] Fix false positive on explicit exception re-raising (DOC501, DOC502) (#21011)
• [pyflakes] Revert to stable behavior if imports for module lie in alternate branches for F401 (#20878)
• [pylint] Implement stop-iteration-return (PLR1708) (#20733)
• [ruff] Add support for additional eager conversion patterns (RUF065) (#20657)

Bug fixes

• Fix finding keyword range for clause header after statement ending with semicolon (#21067)
• Fix syntax error false positive on nested alternative patterns (#21104)
• [ISC001] Fix panic when string literals are unclosed (#21034)
• [flake8-django] Apply DJ001 to annotated fields (#20907)
• [flake8-pyi] Fix PYI034 to not trigger on metaclasses (PYI034) (#20881)
• [flake8-type-checking] Fix TC003 false positive with future-annotations (#21125)
• [pyflakes] Fix false positive for __class__ in lambda expressions within class definitions (F821) (#20564)
• [pyupgrade] Fix false positive for TypeVar with default on Python <3.13 (UP046,UP047) (#21045)

Rule changes

• Add missing docstring sections to the numpy list (#20931)
• [airflow] Extend airflow.models..Param check (AIR311) (#21043)
• [airflow] Warn that airflow....DAG.create_dagrun has been removed (AIR301) (#21093)
• [refurb] Preserve digit separators in Decimal constructor (FURB157) (#20588)

Server

• Avoid sending an unnecessary "clear diagnostics" message for clients supporting pull diagnostics (#21105)

Documentation

• [flake8-bandit] Fix correct example for S308 (#21128)

Other changes

• Clearer error message when line-length goes beyond threshold (#21072)

Contributors

• @​danparizher
• @​jvacek
• @​ntBre
• @​augustelalande
• @​prakhar1144
• @​TaKO8Ki

... (truncated)

Commits

• 8737a2d Bump v0.14.3 (#21152)
• 3be3a10 [ty] Don't provide completions when in class or function definition (#21146)
• 13375d0 [ty] Use the top materialization of classes for narrowing in class-patterns f...
• c0b04d4 [ty] Update "constraint implication" relation to work on constraints between ...
• 1c7ea69 [flake8-type-checking] Fix TC003 false positive with future-annotations...
• 9bacd19 [ty] Fix lookup of __new__ on instances (#21147)
• f0fe6d6 Fix syntax error false positive on nested alternative patterns (#21104)
• 10bda3d [pyupgrade] Fix false positive for TypeVar with default on Python <3.13 (...
• e55bc94 [ty] Reachability and narrowing for enum methods (#21130)
• 1b0ee46 [ty] Use range instead of custom IntIterable (#21138)
• Additional commits viewable in compare view

Updates mypy from 1.17.1 to 1.18.2

Changelog

Sourced from mypy's changelog.

Mypy 1.18.2

• Fix crash on recursive alias (Ivan Levkivskyi, PR 19845)
• Add additional guidance for stubtest errors when runtime is object.__init__ (Stephen Morton, PR 19733)
• Fix handling of None values in f-string expressions in mypyc (BobTheBuidler, PR 19846)

Acknowledgements

Thanks to all mypy contributors who contributed to this release:

• Ali Hamdan
• Anthony Sottile
• BobTheBuidler
• Brian Schubert
• Chainfire
• Charlie Denton
• Christoph Tyralla
• CoolCat467
• Daniel Hnyk
• Emily
• Emma Smith
• Ethan Sarp
• Ivan Levkivskyi
• Jahongir Qurbonov
• Jelle Zijlstra
• Joren Hammudoglu
• Jukka Lehtosalo
• Marc Mueller
• Omer Hadari
• Piotr Sawicki
• PrinceNaroliya
• Randolf Scholz
• Robsdedude
• Saul Shanabrook
• Shantanu
• Stanislav Terliakov
• Stephen Morton
• wyattscarpenter

I’d also like to thank my employer, Dropbox, for supporting mypy development.

Mypy 1.17

We’ve just uploaded mypy 1.17 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features and bug fixes. You can install it as follows:

python3 -m pip install -U mypy

You can read the full documentation for this release on Read the Docs.

... (truncated)

Commits

• df05f05 remove +dev from version
• 01a7a12 Update changelog for 1.18.2 (#19873)
• ca5abf0 Typeshed cherry-pick: Make type of unitest.mock.Any a subclass of Any (#1...
• 9d794b5 [mypyc] fix: inappropriate Nones in f-strings (#19846)
• 2c0510c stubtest: additional guidance on errors when runtime is object.init (#19733)
• 2f3f03c Bump version to 1.18.2+dev for point release
• 7669841 Fix crash on recursive alias in indirection.py (#19845)
• 03fbaa9 bump version to 1.18.1 due to wheels failure
• b44a1fb removed +dev from version
• 7197a99 Removed Unreleased in the Changelog for Release 1.18 (#19827)
• Additional commits viewable in compare view

Updates pyupgrade from 3.20.0 to 3.21.0

Commits

• f90119b v3.21.0
• 8a237c9 Merge pull request #1034 from asottile/py314
• 6f1d9c5 regenerate symbols for --py314-plus
• 70fcfb4 Merge pull request #1033 from asottile/pre-commit-ci-update-config
• 5b443e0 [pre-commit.ci] pre-commit autoupdate
• c02489c Merge pull request #1031 from asottile/pre-commit-ci-update-config
• fe2ab32 [pre-commit.ci] pre-commit autoupdate
• 1b2ebe8 Merge pull request #1029 from asottile/pre-commit-ci-update-config
• 97f5982 [pre-commit.ci] pre-commit autoupdate
• 7da659f Merge pull request #1025 from asottile/pre-commit-ci-update-config
• Additional commits viewable in compare view

Updates hypothesis from 6.138.15 to 6.141.1

Release notes

Sourced from hypothesis's releases.

Hypothesis for Python - version 6.141.1

Fixes an error when using the Ghostwriter with annotations that include "typing.ForwardRef" on Python 3.14 (issue #4565).

The canonical version of these notes (with links) is on readthedocs.

Hypothesis for Python - version 6.141.0

The "from_field()" and "from_form()" strategies from our Django extra now support "FileField".

Thanks to Arjoonn Sharma for this fix!

The canonical version of these notes (with links) is on readthedocs.

Hypothesis for Python - version 6.140.4

Clean up internal "@​overload" type annotations.

The canonical version of these notes (with links) is on readthedocs.

Hypothesis for Python - version 6.140.3

Fixes our bundled "run_conformance_test()" not respecting "avoid_realization".

The canonical version of these notes (with links) is on readthedocs.

Hypothesis for Python - version 6.140.2

The automatic switch to the CI "settings profile" now works under tox (for "tox >= 4.30.0").

The canonical version of these notes (with links) is on readthedocs.

Hypothesis for Python - version 6.140.1

This patch re-enables the warning for incompatible "shared()" strategies that was first enabled in v6.133.0 but disabled in v6.135.15.

The canonical version of these notes (with links) is on readthedocs.

Hypothesis for Python - version 6.140.0

"characters()" now validates that the elements of the "exclude_characters" and "include_characters" arguments are single characters, which was always assumed internally. For example, "exclude_characters=["a", "b"]" is valid while "exclude_characters=["ab"]" will now raise an error up-front.

The canonical version of these notes (with links) is on readthedocs.

Hypothesis for Python - version 6.139.3

Add "phase" to the hypothesis-specific metadata in observability.

... (truncated)

Commits

• 64eb8fa Bump hypothesis-python version to 6.141.1 and update changelog
• dce1794 Merge pull request #4566 from Liam-DeVoe/fix-ghostwriter
• 4a8a37f avoid name collision
• 14ee7c1 fix ghostwriter error on 3.14
• 7b764c1 Bump hypothesis-python version to 6.141.0 and update changelog
• f30b6c0 Merge pull request #4121 from theSage21/from_form
• 2fabea4 better test
• 5d59662 Merge branch 'master' into from_form
• d0d7cd0 reword release
• e4e3294 Bump hypothesis-python version to 6.140.4 and update changelog
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions