Bump the python-minor group across 1 directory with 5 updates

[dependabot]

Bumps the python-minor group with 5 updates in the / directory:

Package	From	To
python-dotenv	1.2.1	1.2.2
sentry-sdk	2.49.0	2.55.0
ruff	0.14.13	0.15.7
pytest-cov	7.0.0	7.1.0
bandit	1.9.3	1.9.4

Updates python-dotenv from 1.2.1 to 1.2.2

Release notes

Sourced from python-dotenv's releases.

v1.2.2

Added

• Support for Python 3.14, including the free-threaded (3.14t) build. (#)

Changed

• The dotenv run command now forwards flags directly to the specified command by @​bbc2 in theskumar/python-dotenv#607
• Improved documentation clarity regarding override behavior and the reference page.
• Updated PyPy support to version 3.11.
• Documentation for FIFO file support.
• Support for Python 3.9.

Fixed

• Improved set_key and unset_key behavior when interacting with symlinks by @​bbc2 in #790c5
• Corrected the license specifier and added missing Python 3.14 classifiers in package metadata by @​JYOuyang in theskumar/python-dotenv#590

Breaking Changes

• dotenv.set_key and dotenv.unset_key used to follow symlinks in some situations. This is no longer the case. For that behavior to be restored in all cases, follow_symlinks=True should be used.

• In the CLI, set and unset used to follow symlinks in some situations. This is no longer the case.

• dotenv.set_key, dotenv.unset_key and the CLI commands set and unset used to reset the file mode of the modified .env file to 0o600 in some situations. This is no longer the case: The original mode of the file is now preserved. Is the file needed to be created or wasn't a regular file, mode 0o600 is used.

Misc

• skip 000 permission tests for root user by @​burnout-projects in theskumar/python-dotenv#561
• Bump actions/checkout from 5 to 6 in the github-actions group by @​dependabot[bot] in theskumar/python-dotenv#593
• Add Windows testing to CI by @​bbc2 in theskumar/python-dotenv#604
• Improve workflow efficiency with best practices by @​theskumar in theskumar/python-dotenv#609
• Remove the use of sh in tests by @​bbc2 in theskumar/python-dotenv#612

New Contributors

• @​JYOuyang made their first contribution in theskumar/python-dotenv#590
• @​burnout-projects made their first contribution in theskumar/python-dotenv#561
• @​cpackham-atlnz made their first contribution in theskumar/python-dotenv#597

Full Changelog: theskumar/python-dotenv@v1.2.1...v1.2.2

Changelog

Sourced from python-dotenv's changelog.

[1.2.2] - 2026-03-01

Added

• Support for Python 3.14, including the free-threaded (3.14t) build. (#588)

Changed

• The dotenv run command now forwards flags directly to the specified command by [@​bbc2] in #607
• Improved documentation clarity regarding override behavior and the reference page.
• Updated PyPy support to version 3.11.
• Documentation for FIFO file support.
• Dropped Support for Python 3.9.

Fixed

• Improved set_key and unset_key behavior when interacting with symlinks by [@​bbc2] in [790c5c0]
• Corrected the license specifier and added missing Python 3.14 classifiers in package metadata by [@​JYOuyang] in #590

Breaking Changes

• dotenv.set_key and dotenv.unset_key used to follow symlinks in some situations. This is no longer the case. For that behavior to be restored in all cases, follow_symlinks=True should be used.

• In the CLI, set and unset used to follow symlinks in some situations. This is no longer the case.

• dotenv.set_key, dotenv.unset_key and the CLI commands set and unset used to reset the file mode of the modified .env file to 0o600 in some situations. This is no longer the case: The original mode of the file is now preserved. Is the file needed to be created or wasn't a regular file, mode 0o600 is used.

Commits

• 36004e0 Bump version: 1.2.1 → 1.2.2
• eb20252 docs: update changelog for v1.2.2
• 790c5c0 Merge commit from fork
• 43340da Remove the use of sh in tests (#612)
• 09d7cee docs: clarify override behavior and document FIFO support (#610)
• c8de288 ci: improve workflow efficiency with best practices (#609)
• 7bd9e3d Add Windows testing to CI (#604)
• 1baaf04 Drop Python 3.9 support and update to PyPy 3.11 (#608)
• 4a22cf8 ci: enable testing on Python 3.14t (free-threaded) (#588)
• e2e8e77 Fix license specifier (#597)
• Additional commits viewable in compare view

Updates sentry-sdk from 2.49.0 to 2.55.0

Release notes

Sourced from sentry-sdk's releases.

2.55.0

New Features ✨

Anthropic

• Record finish reasons in AI monitoring spans by @​ericapisani in #5678
• Emit gen_ai.chat spans for asynchronous messages.stream() by @​alexander-alderman-webb in #5572
• Emit AI Client Spans for synchronous messages.stream() by @​alexander-alderman-webb in #5565
• Set gen_ai.response.id span attribute by @​ericapisani in #5662
• Add gen_ai.system attribute to spans by @​ericapisani in #5661

Pydantic Ai

• Support ImageUrl content type in span instrumentation by @​ericapisani in #5629
• Add tool description to execute_tool spans by @​ericapisani in #5596

Other

• (crons) Add owner field to MonitorConfig by @​julwhitney13 in #5610
• (otlp) Add collector_url option to OTLPIntegration by @​sl0thentr0py in #5603

Bug Fixes 🐛

• (ai) Truncate list-based message content in AI monitoring by @​ericapisani in #5631
• (anthropic) Close span on GeneratorExit by @​alexander-alderman-webb in #5643
• (celery) Propagate user-set headers by @​sentrivana in #5581
• (langchain) Wrap finish_reason in array for gen_ai span attribute by @​ericapisani in #5666
• (logging) Fix deadlock in log batcher by @​sentrivana in #5684
• (profiler) Prevent buffer race condition during rapid start/stop cycles by @​ericapisani in #5622
• (utils) Avoid double serialization of strings in safe_serialize by @​ericapisani in #5587
• Enable unused import ruff check and fix unused imports by @​sentrivana in #5652

Documentation 📚

• (openai-agents) Remove inapplicable comment by @​alexander-alderman-webb in #5495
• Add AGENTS.md by @​sentrivana in #5579
• Add set_attribute example to changelog by @​sentrivana in #5578

Internal Changes 🔧

Anthropic

• Check system and response ID attributes on spans created by stream() by @​alexander-alderman-webb in #5665
• Skip accumulation logic for unexpected types in streamed response by @​alexander-alderman-webb in #5564
• Factor out streamed result handling by @​alexander-alderman-webb in #5563
• Stream valid JSON by @​alexander-alderman-webb in #5641
• Stop mocking response iterator by @​alexander-alderman-webb in #5573

Openai Agents

... (truncated)

Changelog

Sourced from sentry-sdk's changelog.

2.55.0

New Features ✨

Anthropic

• Record finish reasons in AI monitoring spans by @​ericapisani in #5678
• Emit gen_ai.chat spans for asynchronous messages.stream() by @​alexander-alderman-webb in #5572
• Emit AI Client Spans for synchronous messages.stream() by @​alexander-alderman-webb in #5565
• Set gen_ai.response.id span attribute by @​ericapisani in #5662
• Add gen_ai.system attribute to spans by @​ericapisani in #5661

Pydantic Ai

• Support ImageUrl content type in span instrumentation by @​ericapisani in #5629
• Add tool description to execute_tool spans by @​ericapisani in #5596

Other

• (crons) Add owner field to MonitorConfig by @​julwhitney13 in #5610
• (otlp) Add collector_url option to OTLPIntegration by @​sl0thentr0py in #5603

Bug Fixes 🐛

• (ai) Truncate list-based message content in AI monitoring by @​ericapisani in #5631
• (anthropic) Close span on GeneratorExit by @​alexander-alderman-webb in #5643
• (celery) Propagate user-set headers by @​sentrivana in #5581
• (langchain) Wrap finish_reason in array for gen_ai span attribute by @​ericapisani in #5666
• (logging) Fix deadlock in log batcher by @​sentrivana in #5684
• (profiler) Prevent buffer race condition during rapid start/stop cycles by @​ericapisani in #5622
• (utils) Avoid double serialization of strings in safe_serialize by @​ericapisani in #5587
• Enable unused import ruff check and fix unused imports by @​sentrivana in #5652

Documentation 📚

• (openai-agents) Remove inapplicable comment by @​alexander-alderman-webb in #5495
• Add AGENTS.md by @​sentrivana in #5579
• Add set_attribute example to changelog by @​sentrivana in #5578

Internal Changes 🔧

Anthropic

• Check system and response ID attributes on spans created by stream() by @​alexander-alderman-webb in #5665
• Skip accumulation logic for unexpected types in streamed response by @​alexander-alderman-webb in #5564
• Factor out streamed result handling by @​alexander-alderman-webb in #5563
• Stream valid JSON by @​alexander-alderman-webb in #5641
• Stop mocking response iterator by @​alexander-alderman-webb in #5573

Openai Agents

... (truncated)

Commits

• 038a429 release: 2.55.0
• b29c4bb fix(logging): Fix deadlock in log batcher (#5684)
• b905cd3 feat(anthropic): Record finish reasons in AI monitoring spans (#5678)
• 6ea663f fix(langchain): Wrap finish_reason in array for gen_ai span attribute (#5666)
• 6345af9 fix(ai): Truncate list-based message content in AI monitoring (#5631)
• 01346a9 build(deps): bump actions/create-github-app-token from 2.2.1 to 3.0.0 (#5667)
• 0b94624 build(deps): bump getsentry/testing-ai-sdk-integrations from 285c012e522f2415...
• 39cf94d build(deps): bump getsentry/craft from 2.23.1 to 2.24.1 (#5668)
• ada153b ref: Add cont profiling support to span first (#5672)
• 0b5f4f8 ci: 🤖 Update test matrix with new releases (03/16) (#5671)
• Additional commits viewable in compare view

Updates ruff from 0.14.13 to 0.15.7

Release notes

Sourced from ruff's releases.

0.15.7

Release Notes

Released on 2026-03-19.

Preview features

• Display output severity in preview (#23845)
• Don't show noqa hover for non-Python documents (#24040)

Rule changes

• [pycodestyle] Recognize pyrefly: as a pragma comment (E501) (#24019)

Server

• Don't return code actions for non-Python documents (#23905)

Documentation

• Add company AI policy to contributing guide (#24021)
• Document editor features for Markdown code formatting (#23924)
• [pylint] Improve phrasing (PLC0208) (#24033)

Other changes

• Use PEP 639 license information (#19661)

Contributors

• @​tmimmanuel
• @​DimitriPapadopoulos
• @​amyreese
• @​statxc
• @​dylwil3
• @​hunterhogan
• @​renovate

Install ruff 0.15.7

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ruff/releases/download/0.15.7/ruff-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/ruff/releases/download/0.15.7/ruff-installer.ps1 | iex"
</tr></table> 

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.7

Released on 2026-03-19.

Preview features

• Display output severity in preview (#23845)
• Don't show noqa hover for non-Python documents (#24040)

Rule changes

• [pycodestyle] Recognize pyrefly: as a pragma comment (E501) (#24019)

Server

• Don't return code actions for non-Python documents (#23905)

Documentation

• Add company AI policy to contributing guide (#24021)
• Document editor features for Markdown code formatting (#23924)
• [pylint] Improve phrasing (PLC0208) (#24033)

Other changes

• Use PEP 639 license information (#19661)

Contributors

• @​tmimmanuel
• @​DimitriPapadopoulos
• @​amyreese
• @​statxc
• @​dylwil3
• @​hunterhogan
• @​renovate

0.15.6

Released on 2026-03-12.

Preview features

• Add support for lazy import parsing (#23755)
• Add support for star-unpacking of comprehensions (PEP 798) (#23788)
• Reject semantic syntax errors for lazy imports (#23757)
• Drop a few rules from the preview default set (#23879)
• [airflow] Flag Variable.get() calls outside of task execution context (AIR003) (#23584)
• [airflow] Flag runtime-varying values in DAG/task constructor arguments (AIR304) (#23631)
• [flake8-bugbear] Implement delattr-with-constant (B043) (#23737)

... (truncated)

Commits

• 0ef39de Bump 0.15.7 (#24049)
• beb543b [ty] ecosystem-analyzer: Fail on newly panicking projects (#24043)
• 378fe73 Don't show noqa hover for non-Python documents (#24040)
• b5665bd [pylint] Improve phrasing (PLC0208) (#24033)
• 6e20f22 test: migrate show_settings and version tests to use CliTest (#23702)
• f99b284 Drain file watcher events during test setup (#24030)
• 744c996 [ty] Filter out unsatisfiable inference attempts during generic call narrowin...
• 1616095 [ty] Avoid inferring intersection types for call arguments (#23933)
• 7f275f4 [ty] Pin mypy_primer in setup_primer_project.py (#24020)
• 7255e36 [pycodestyle] Recognize pyrefly: as a pragma comment (E501) (#24019)
• Additional commits viewable in compare view

Updates pytest-cov from 7.0.0 to 7.1.0

Changelog

Sourced from pytest-cov's changelog.

7.1.0 (2026-03-21)

• Fixed total coverage computation to always be consistent, regardless of reporting settings. Previously some reports could produce different total counts, and consequently can make --cov-fail-under behave different depending on reporting options. See [#641](https://github.com/pytest-dev/pytest-cov/issues/641) <https://github.com/pytest-dev/pytest-cov/issues/641>_.

• Improve handling of ResourceWarning from sqlite3.

  The plugin adds warning filter for sqlite3 ResourceWarning unclosed database (since 6.2.0). It checks if there is already existing plugin for this message by comparing filter regular expression. When filter is specified on command line the message is escaped and does not match an expected message. A check for an escaped regular expression is added to handle this case.

  With this fix one can suppress ResourceWarning from sqlite3 from command line::

  pytest -W "ignore:unclosed database in <sqlite3.Connection object at:ResourceWarning" ...

• Various improvements to documentation. Contributed by Art Pelling in [#718](https://github.com/pytest-dev/pytest-cov/issues/718) <https://github.com/pytest-dev/pytest-cov/pull/718>_ and "vivodi" in [#738](https://github.com/pytest-dev/pytest-cov/issues/738) <https://github.com/pytest-dev/pytest-cov/pull/738>. Also closed [#736](https://github.com/pytest-dev/pytest-cov/issues/736) <https://github.com/pytest-dev/pytest-cov/issues/736>.

• Fixed some assertions in tests. Contributed by in Markéta Machová in [#722](https://github.com/pytest-dev/pytest-cov/issues/722) <https://github.com/pytest-dev/pytest-cov/pull/722>_.

• Removed unnecessary coverage configuration copying (meant as a backup because reporting commands had configuration side-effects before coverage 5.0).

Commits

• 66c8a52 Bump version: 7.0.0 → 7.1.0
• f707662 Make the examples use pypy 3.11.
• 6049a78 Make context test use the old ctracer (seems the new sysmon tracer behaves di...
• 8ebf20b Update changelog.
• 861d30e Remove the backup context manager - shouldn't be needed since coverage 5.0, ...
• fd4c956 Pass the precision on the nulled total (seems that there's some caching goion...
• 78c9c4e Only run the 3.9 on older deps.
• 4849a92 Punctuation.
• 197c35e Update changelog and hopefully I don't forget to publish release again :))
• 14dc1c9 Update examples to use 3.11 and make the adhoc layout example look a bit more...
• Additional commits viewable in compare view

Updates bandit from 1.9.3 to 1.9.4

Release notes

Sourced from bandit's releases.

1.9.4

What's Changed

• chore: fixed some typos in comments by @​jakob1379 in PyCQA/bandit#1351
• Bump docker/login-action from 3.6.0 to 3.7.0 by @​dependabot[bot] in PyCQA/bandit#1353
• Bump docker/build-push-action from 6.18.0 to 6.19.2 by @​dependabot[bot] in PyCQA/bandit#1357
• Fix B613 crash when reading from stdin by @​worksbyfriday in PyCQA/bandit#1361
• Include filename in nosec 'no failed test' warning by @​worksbyfriday in PyCQA/bandit#1363
• Fix B615 false positive when revision is set via variable by @​worksbyfriday in PyCQA/bandit#1358
• Lower version guard in check_ast_node to Python 3.12 by @​rcgray in PyCQA/bandit#1355
• Fix B106 reporting wrong line number on multiline function calls by @​worksbyfriday in PyCQA/bandit#1360

New Contributors

• @​jakob1379 made their first contribution in PyCQA/bandit#1351
• @​worksbyfriday made their first contribution in PyCQA/bandit#1361
• @​rcgray made their first contribution in PyCQA/bandit#1355

Full Changelog: PyCQA/bandit@1.9.3...1.9.4

Commits

• 92ae8b8 Fix B106 reporting wrong line number on multiline function calls (#1360)
• c8c8a55 Lower version guard in check_ast_node to Python 3.12 (#1355)
• 8f2f928 Fix B615 false positive when revision is set via variable (#1358)
• e27493f Include filename in nosec 'no failed test' warning (#1363)
• b69b336 Fix B613 crash when reading from stdin (#1361)
• e418b79 Bump docker/build-push-action from 6.18.0 to 6.19.2 (#1357)
• ff646fd Bump docker/login-action from 3.6.0 to 3.7.0 (#1353)
• c0def6c chore: fixed some typos in comments (#1351)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: dependencies, python. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.