Skip to content

Bump the python-requirements group across 1 directory with 5 updates#269

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/python-requirements-4dae7517d9
Open

Bump the python-requirements group across 1 directory with 5 updates#269
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/python-requirements-4dae7517d9

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor

Updates the requirements on coverage, mypy, pytest, tox and python-benedict to permit the latest version.
Updates coverage to 7.14.3

Changelog

Sourced from coverage's changelog.

Version 7.14.3 — 2026-06-22

  • Fix: the default ... exclusion rule now also matches function bodies whose closing return-type bracket is on its own line (for example, after a long -> dict[ ... ] annotation that a formatter has split over multiple lines). Closes issue 2185, thanks Mengjia Shang <pull 2196_>.

  • Fix: On 3.13t, we incorrectly issued Couldn't import C tracer errors. We can't import the C tracer because in 7.14.2 we stopped shipping compiled wheels for 3.13t. Thanks, Hugo van Kemenade <pull 2203_>_.

.. _issue 2185: coveragepy/coveragepy#2185 .. _pull 2196: coveragepy/coveragepy#2196 .. _pull 2203: coveragepy/coveragepy#2203

.. _changes_7-14-2:

Version 7.14.2 — 2026-06-20

  • Fix: some messages were being written to stdout, making coverage json -o - useless for capturing JSON output. Now messages are written to stderr, fixing issue 2197_.

  • Fix: CoverageData kept one SQLite connection per thread that recorded coverage, but never closed them when those threads terminated. On long runs with many short-lived threads this leaked one file descriptor per dead thread, eventually failing with OSError: [Errno 24] Too many open files. Connections belonging to terminated threads are now closed and dropped. Fixes issue 2192. Thanks, Matthew Lloyd <pull 2193_>.

  • Fix: when using sys.monitoring, we were assuming we could use the COVERAGE_ID tool id. But other tools might also assume they could use that id. Pre-allocated ids don't really make sense, so now we search for a usable one instead. Fixes issue 2187_.

  • Following the advice of cibuildwheel <no-13t_>_, we no longer distribute wheels for Python 3.13 free-threaded.

.. _issue 2187: coveragepy/coveragepy#2187 .. _issue 2192: coveragepy/coveragepy#2192 .. _pull 2193: coveragepy/coveragepy#2193 .. _issue 2197: coveragepy/coveragepy#2197 .. _no-13t: https://py-free-threading.github.io/ci/#building-free-threaded-wheels-with-cibuildwheel

.. _changes_7-14-1:

... (truncated)

Commits
  • 22f13ea docs: sample HTML for 7.14.3
  • 2ca4e5f docs: prep for 7.14.3
  • 01d714e docs: add changelog entry for #2203
  • f36248d fix: don't emit 'Couldn't import C tracer' warning for 3.13t (#2203)
  • 86d73d1 docs: thanks, Mengjia Shang
  • 3d4ae3c docs: add the #2196 pr link to CHANGES
  • f4b2b4d fix: exclude ... bodies after multi-line return-type annotations (#2185) (#...
  • 1980ed0 chore: bump sigstore/gh-action-sigstore-python (#2201)
  • bca3217 build: since we don't ship 3.13t, don't test it
  • 77550d8 docs: oops, mismatched pull requests
  • Additional commits viewable in compare view

Updates mypy to 2.1.0

Changelog

Sourced from mypy's changelog.

Mypy Release Notes

Next Release

Mypy 2.1

We’ve just uploaded mypy 2.1.0 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features, performance improvements and bug fixes. You can install it as follows:

python3 -m pip install -U mypy

You can read the full documentation for this release on Read the Docs.

librt.vecs: Fast Growable Array Type for Mypyc

The new librt.vecs module provides an efficient growable array type vec that is optimized for mypyc use. It provides fast, packed arrays with integer and floating point value types, which can be several times faster than list, and tens of times faster than array.array in code compiled using mypyc. It also supports nested vec objects and non-value-type items, such as vec[vec[str]].

Refer to the documentation for the details.

Contributed by Jukka Lehtosalo.

librt.random: Fast Pseudo-Random Number Generation

The new librt.random module provides fast pseudo-random number generation that is optimized for code compiled using mypyc. It can be 3x to 10x faster than the stdlib random module in compiled code.

Refer to the documentation for the details.

Contributed by Jukka Lehtosalo (PR 21433).

Mypyc Improvements

  • Enable incremental self-compilation (Vaggelis Danias, PR 21369)
  • Make compilation order with multiple files consistent (Piotr Sawicki, PR 21419)
  • Fix crash on accessing StopAsyncIteration (Piotr Sawicki, PR 21406)
  • Fix incremental compilation with separate flag (Vaggelis Danias, PR 21299)

Fixes to Crashes

  • Fix crash on partial type with --allow-redefinition and global declaration (Jukka Lehtosalo, PR 21428)
  • Fix broken awaitable generator patching (Ivan Levkivskyi, PR 21435)

... (truncated)

Commits

Updates pytest to 9.1.1

Release notes

Sourced from pytest's releases.

9.1.1

pytest 9.1.1 (2026-06-19)

Bug fixes

  • #14220: Fixed a logic bug in pytest.RaisesGroup which would might cause it to display incorrect "It matches FooError() which was paired with BarError" messages.
  • #14591: Fixed a regression in pytest 9.1.0 which caused overriding a parametrized fixture with an indirect @​pytest.mark.parametrize to fail with "duplicate parametrization of '<fixture name>'".
  • #14606: Fixed list-item typing errors from mypy in @pytest.mark.parametrize <pytest.mark.parametrize ref> argvalues parameter.
  • #14608: Fixed a regression in pytest 9.1.0 where conftest.py files located in <invocation dir>/test* were no longer loaded as initial conftests when invoked without arguments. This could cause certain hooks (like pytest_addoption) in these files to not fire.
Commits
  • cf470ec Prepare release version 9.1.1
  • e0c8ce6 Merge pull request #14625 from pytest-dev/patchback/backports/9.1.x/a07c31a97...
  • 1b82d16 Merge pull request #14624 from pytest-dev/patchback/backports/9.1.x/b375b79ec...
  • 501c4bc Merge pull request #14596 from bluetech/doc-classmethod
  • b61f588 Merge pull request #14622 from chrisburr/fix-14608-initial-conftest-test-subdir
  • 9a567e0 [automated] Update plugin list (#14617) (#14618)
  • ef8b299 Merge pull request #14620 from pytest-dev/patchback/backports/9.1.x/680f9f3ed...
  • 66abd07 Merge pull request #14220 from bysiber/fix-stale-iexp-raisesgroup
  • 79fbf93 Merge pull request #14612 from pytest-dev/patchback/backports/9.1.x/974ed48b6...
  • 0d312eb Merge pull request #14611 from bluetech/parametrize-argvalues-typing
  • Additional commits viewable in compare view

Updates tox to 4.56.1

Release notes

Sourced from tox's releases.

v4.56.1

What's Changed

New Contributors

Full Changelog: tox-dev/tox@4.56.0...4.56.1

Changelog

Sourced from tox's changelog.

Bug fixes - 4.56.1

  • Fix { replace = "if" ... extend = true } corrupting the resulting list when then or else is a scalar string (e.g. then = "-v"): a non-empty scalar string is now appended as a single element instead of being iterated character-by-character, while a false if with no else (yielding "") contributes nothing rather than an empty element, and list/set results are still spread into the parent. (:issue:3969)

v4.56.0 (2026-06-23)


Features - 4.56.0

  • Derive :ref:virtualenv_spec automatically: when an environment targets a Python version the installed :pypi:virtualenv can no longer create (e.g. py38 with virtualenv 21.5+), tox now pins the newest virtualenv that still supports it and bootstraps it for that environment only. The downgrade happens only when every base_python candidate is unsupported, so environments targeting current interpreters are unaffected. This fixes py38 (and other end-of-life interpreters) being silently skipped after a virtualenv upgrade - by :user:gaborbernat. (:issue:3965) (:issue:3965)

Bug fixes - 4.56.0

  • The default value of skip_missing_interpreters changed from True to False — missing interpreters now fail the run by default, matching tox 3 behavior. The tox 4 rewrite unintentionally changed this default. To restore the previous (incorrect) behavior, set skip_missing_interpreters = true in your tox configuration or pass --skip-missing-interpreters on the command line. (:issue:3965)

Improved documentation - 4.56.0

  • Fix nested list items being rendered with continued numbering instead of as sub-items in development.rst, onboarding.rst and explanation.rst. (:issue:3960)
  • Replace stale http://tox.readthedocs.org URL with https://tox.wiki in pyproject.toml (Homepage), .github/CONTRIBUTING.md, and .github/PULL_REQUEST_TEMPLATE.md. (:issue:3963)

v4.55.1 (2026-06-03)


Bug fixes - 4.55.1

  • TOX_OVERRIDE (and -x/--override) now propagates through configuration references. Previously, overriding a base value that was later referenced via {[section]key} (ini) or {replace = "ref", of = [...]} (toml) was ignored because reference resolution read the raw file value, bypassing the override system - by :user:tales-aparecida. (:issue:3950) (:issue:3950)

... (truncated)

Commits

Updates python-benedict from 0.36.0 to 0.37.0

Release notes

Sourced from python-benedict's releases.

0.37.0

  • Add optional schema kwarg support (python-benedict[schema] with pydantic v2) to all from_* and to_* I/O methods. (#565)
  • Add indexes=True option to flatten / unflatten for list/tuple flattening with round-trip support. (#561)
  • Add deep argument support to filter method to apply the predicate recursively to all nested dicts.
  • Add deep argument support to remove method to remove the key(s) at every nesting level.
  • Add deep argument support to rename method to rename the key at every nesting level.
  • Reduce dependencies making the core installation super lightweight. #567
  • Swap uiri/toml encoder for tomli_w. #439
  • Fix yaml serializer to use safe_dump and add pickle security warning (CWE-502). (#563)
  • Fix orjson and requests requirements to address CVE-2025-67221 and CVE-2024-27454. (#562)
  • Add CONTRIBUTING.md.
  • Bump requirements and pre-commit hooks.
Changelog

Sourced from python-benedict's changelog.

0.37.0 - 2026-05-09

  • Add optional schema kwarg support (python-benedict[schema] with pydantic v2) to all from_* and to_* I/O methods. (#565)
  • Add indexes=True option to flatten / unflatten for list/tuple flattening with round-trip support. (#561)
  • Add deep argument support to filter method to apply the predicate recursively to all nested dicts.
  • Add deep argument support to remove method to remove the key(s) at every nesting level.
  • Add deep argument support to rename method to rename the key at every nesting level.
  • Reduce dependencies making the core installation super lightweight. #567
  • Swap uiri/toml encoder for tomli_w. #439
  • Fix yaml serializer to use safe_dump and add pickle security warning (CWE-502). (#563)
  • Fix orjson and requests requirements to address CVE-2025-67221 and CVE-2024-27454. (#562)
  • Add CONTRIBUTING.md.
  • Bump requirements and pre-commit hooks.
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Updates the requirements on [coverage](https://github.com/coveragepy/coveragepy), [mypy](https://github.com/python/mypy), [pytest](https://github.com/pytest-dev/pytest), [tox](https://github.com/tox-dev/tox) and [python-benedict](https://github.com/fabiocaccamo/python-benedict) to permit the latest version.

Updates `coverage` to 7.14.3
- [Release notes](https://github.com/coveragepy/coveragepy/releases)
- [Changelog](https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst)
- [Commits](coveragepy/coveragepy@7.13.0...7.14.3)

Updates `mypy` to 2.1.0
- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md)
- [Commits](python/mypy@v1.20.0...v2.1.0)

Updates `pytest` to 9.1.1
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](pytest-dev/pytest@9.0.3...9.1.1)

Updates `tox` to 4.56.1
- [Release notes](https://github.com/tox-dev/tox/releases)
- [Changelog](https://github.com/tox-dev/tox/blob/main/docs/changelog.rst)
- [Commits](tox-dev/tox@4.53.0...4.56.1)

Updates `python-benedict` from 0.36.0 to 0.37.0
- [Release notes](https://github.com/fabiocaccamo/python-benedict/releases)
- [Changelog](https://github.com/fabiocaccamo/python-benedict/blob/main/CHANGELOG.md)
- [Commits](fabiocaccamo/python-benedict@0.36.0...0.37.0)

---
updated-dependencies:
- dependency-name: coverage
  dependency-version: 7.14.3
  dependency-type: direct:production
  dependency-group: python-requirements
- dependency-name: mypy
  dependency-version: 2.1.0
  dependency-type: direct:production
  dependency-group: python-requirements
- dependency-name: pytest
  dependency-version: 9.1.1
  dependency-type: direct:production
  dependency-group: python-requirements
- dependency-name: tox
  dependency-version: 4.56.1
  dependency-type: direct:production
  dependency-group: python-requirements
- dependency-name: python-benedict
  dependency-version: 0.37.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-requirements
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Jul 1, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants