chore(deps): bump the python-packages group across 1 directory with 4 updates

[dependabot]

Updates the requirements on attrs, typeguard, invoke and fabric to permit the latest version.
Updates attrs to 26.1.0

Release notes

Sourced from attrs's releases.

26.1.0

Highlights

The main outward change here only affects people using field transformers, but it should be a nice quality of life improvement!

Full changelog below!

Special Thanks

This release would not be possible without my generous sponsors! Thank you to all of you making sustainable maintenance possible! If you would like to join them, go to https://github.com/sponsors/hynek and check out the sweet perks!

Above and Beyond

Variomedia AG (@variomedia), Tidelift (@tidelift), Kraken Tech (@kraken-tech), Privacy Solutions GmbH (@privacy-solutions), FilePreviews (@filepreviews), Ecosystems (@ecosyste-ms), TestMu AI Open Source Office (Formerly LambdaTest) (@LambdaTest-Inc), Doist (@Doist), Daniel Fortunov (@asqui), and Kevin P. Fleming (@kpfleming).

Maintenance Sustainers

Buttondown (@buttondown), Christopher Dignam (@chdsbd), Magnus Watn (@magnuswatn), David Cramer (@dcramer), Rivo Laks (@rivol), Polar (@polarsource), Mike Fiedler (@miketheman), Duncan Hill (@cricalix), Colin Marquardt (@cmarqu), Pieter Swinkels (@swinkels), Nick Libertini (@libertininick), Brian M. Dennis (@crossjam), Celebrity News AG (@celebritynewsag), The Westervelt Company (@westerveltco), Sławomir Ehlert (@slafs), Mostafa Khalil (@khadrawy), Filip Mularczyk (@mukiblejlok), Thomas Klinger (@thmsklngr), Andreas Poehlmann (@ap--), August Trapper Bigelow (@atbigelow), Carlton Gibson (@carltongibson), and Roboflow (@roboflow).

Full Changelog

Backwards-incompatible Changes

• Field aliases are now resolved before calling field_transformer, so transformers receive fully populated Attribute objects with usable alias values instead of None. The new Attribute.alias_is_default flag indicates whether the alias was auto-generated (True) or explicitly set by the user (False). #1509

Changes

• Fix type annotations for attrs.validators.optional(), so it no longer rejects tuples with more than one validator. #1496
• The attrs.validators.disabled() contextmanager can now be nested. #1513
• Frozen classes can set on_setattr=attrs.setters.NO_OP in addition to None. #1515
• It's now possible to pass attrs instances in addition to attrs classes to attrs.fields(). #1529

---

This release contains contributions from @​bysiber, @​DavidCEllis, @​finite-state-machine, @​hynek, @​veeceey, and @​vstinner.

Artifact Attestations

You can verify this release's artifact attestions using GitHub's CLI tool by downloading the sdist and wheel from PyPI and running:

$ gh attestation verify --owner python-attrs attrs-26.1.0.tar.gz

... (truncated)

Changelog

Sourced from attrs's changelog.

26.1.0 - 2026-03-19

Backwards-incompatible Changes

• Field aliases are now resolved before calling field_transformer, so transformers receive fully populated Attribute objects with usable alias values instead of None. The new Attribute.alias_is_default flag indicates whether the alias was auto-generated (True) or explicitly set by the user (False). #1509

Changes

• Fix type annotations for attrs.validators.optional(), so it no longer rejects tuples with more than one validator. #1496
• The attrs.validators.disabled() contextmanager can now be nested. #1513
• Frozen classes can set on_setattr=attrs.setters.NO_OP in addition to None. #1515
• It's now possible to pass attrs instances in addition to attrs classes to attrs.fields(). #1529

25.4.0 - 2025-10-06

Backwards-incompatible Changes

• Class-level kw_only=True behavior is now consistent with dataclasses.

  Previously, a class that sets kw_only=True makes all attributes keyword-only, including those from base classes. If an attribute sets kw_only=False, that setting is ignored, and it is still made keyword-only.

  Now, only the attributes defined in that class that doesn't explicitly set kw_only=False are made keyword-only.

  This shouldn't be a problem for most users, unless you have a pattern like this:

  @attrs.define(kw_only=True)
  class Base:
      a: int
      b: int = attrs.field(default=1, kw_only=False)
  @​attrs.define
  class Subclass(Base):
  c: int

  Here, we have a kw_only=True attrs class (Base) with an attribute that sets kw_only=False and has a default (Base.b), and then create a subclass (Subclass) with required arguments (Subclass.c). Previously this would work, since it would make Base.b keyword-only, but now this fails since Base.b is positional, and we have a required positional argument (Subclass.c) following another argument with defaults. #1457

... (truncated)

Commits

• 7bfc49e Prepare 26.1.0
• 31e0286 Update test_validators.py for Python 3.15a7 (#1530)
• 48b8611 Add instance support to attrs.fields() (#1529)
• 3a68d49 dev: document missing git tags failure mode
• a572c3a Allow field(on_setattr=NO_OP) on frozen classes
• af9c510 Fix validators.disabled() to save/restore state on nesting (#1513)
• ab7f8b2 update dev
• ce89f5d Fix message passing in frozen errors
• eccd966 Fix optional validator to accept tuples of len > 1 (#1496)
• e92fe52 policies: tighten screws (#1528)
• Additional commits viewable in compare view

Updates typeguard from 4.4.4 to 4.5.1

Release notes

Sourced from typeguard's releases.

4.5.1

• Fixed iterable unpacking incorrectly calculating the cut-off offset of the item list when assigning remaining values to the star variable (#546)

4.5.0

• Restored the check_argument_types() and check_return_type() functions that were dropped in v3.0.0, for users who want more fine-grained control over run-time type checking (#437)
• Added support for extra_items in TypedDict, allowing users to specify the types for the values of "leftover" keys in a typed dict (keys that weren't explicitly defined in the TypedDict subclass) (#538)
• Fixed NameError when evaluating forward references on Python 3.14 (#536; PR by @​dionhaefner)
• Fixed protocol check incorrectly rejecting inherited classmethods and staticmethods (#539)
• Fixed missing TypeCheckError when checking TypedDict with Required[...] annotations (#533; PR by @​dionhaefner)
• Fixed type aliases (e.g. type Foo = list[int]) not being resolved during type checking (#526)
• Fixed type-checked assignments to a single tuple target (e.g. x, = ("foo",)) falsely raising TypeCheckedError (#535)

Commits

• 67cae3d Added release date
• 8005884 Fixed incorrect calculation of cutoff_offset in check_variable_assignment()
• 85bf35b Fixed the PyPI upload step
• 16e827f Added release date
• 5a075bc Fixed duplicate test parameter ID
• af3ab1f Updated README to mention the two restored functions
• 574dda4 Restored check_argument_types() and check_return_value()
• b05b7da Fixed single-tuple unpacking assignments not working
• 208c246 Added funding information and moved the security info
• 1cd7638 Fixed type aliases not being resolved during type checking
• Additional commits viewable in compare view

Updates invoke from 2.2.1 to 3.0.0

Commits

• 2e66098 Cut 3.0.0
• 38f719a Updates to reflect that Invoke 3.0 is the next release
• 84f8a39 Some type hints
• af5fd23 Tiny ol lint?
• 98c63bd Not sure how this >Py3.9 type hint snuck in
• afb4a71 Rub an f-string on a bit
• 3e42bd9 Changelog entry for general type cleanup
• 7aa7deb Runner.run now returns Result even if disown=True
• 58e800f Type-hint / isort / etc integration suite
• 858e97c Sort tasks.py namespace obj
• Additional commits viewable in compare view

Updates fabric from 3.2.2 to 3.2.3

Commits

• 48e3f55 Cut 3.2.3
• ca9cf7a Pin Fabric 3.x to Invoke<3
• 6539622 Limit dev envs to pytest 7 for now
• 3342252 Merge branch '3.1' into 3.2
• a16eff4 got yaml'd, lmao
• 517c456 Yet more RTD changes
• 84c7f1b RTD also deprecating build.image for build.os
• da43d77 Merge branch '3.1' into 3.2
• 87677f2 Merge branch '3.0' into 3.1
• 4a67ce8 AND it's yaml not yml? didn't .yml used to work? ughghg
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions