⬆️(dependencies) update python dependencies

[renovate]

Note: This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
bandit (source, changelog)	==1.8.3 -> ==1.9.2
beaupy	==3.10.1 -> ==3.10.2
black (changelog)	==25.1.0 -> ==25.11.0
django-redis	>=4.11.0,<6 -> >=6,<7
django-storages (changelog)	==1.14.5 -> ==1.14.6
easy_thumbnails	>=2.8,<2.10 -> >=2.10,<2.11
flake8 (changelog)	==7.2.0 -> ==7.3.0
flake8-pyproject (changelog)	==1.2.3 -> ==1.2.4
ipython	==9.0.2 -> ==9.8.0
isort (changelog)	==6.0.1 -> ==7.0.0
lxml (source, changelog)	==5.3.1 -> ==6.0.2
msgpack (changelog)	==1.1.0 -> ==1.1.2
psycopg2-binary (source, changelog)	==2.9.10 -> ==2.9.11
pylint (changelog)	==3.3.6 -> ==4.0.4
pytest (changelog)	==8.3.5 -> ==9.0.1
pytest-cov (changelog)	==6.0.0 -> ==7.0.0
pytest-django (changelog)	==4.10.0 -> ==4.11.1
responses (changelog)	==0.25.7 -> ==0.25.8
sentry-sdk (changelog)	==2.24.1 -> ==2.47.0
twine	==6.1.0 -> ==6.2.0

---

Release Notes

PyCQA/bandit (bandit)

v1.9.2

Compare Source

What's Changed

• Argparse Python 3.14 enhancements by @​ericwb in #​1331
• Check whether Constant value is str by @​ericwb in #​1333

Full Changelog: PyCQA/bandit@1.9.1...1.9.2

v1.9.1

Compare Source

What's Changed

• More Python version related fixes by @​ericwb in #​1327

Full Changelog: PyCQA/bandit@1.9.0...1.9.1

v1.8.6

Compare Source

What's Changed

• Bump sigstore/cosign-installer from 3.8.2 to 3.9.0 by @​dependabot in #​1279
• Bump docker/setup-buildx-action from 3.10.0 to 3.11.1 by @​dependabot in #​1278
• added hint to FreeBSD package in doc/source/integrations.rst by @​daniel-mohr in #​1282
• Bump sigstore/cosign-installer from 3.9.0 to 3.9.1 by @​dependabot in #​1284
• Huggingface revision pinning by @​lukehinds in #​1281

New Contributors

• @​daniel-mohr made their first contribution in #​1282

Full Changelog: PyCQA/bandit@1.8.5...1.8.6

v1.8.5

Compare Source

What's Changed

• Fix the rendering of the CI/CD doc by @​ericwb in #​1274
• Fix for publish to PyPI failure by @​ericwb in #​1273

Full Changelog: PyCQA/bandit@1.8.4...1.8.5

petereon/beaupy (beaupy)

v3.10.2

Compare Source

What's Changed

• chore(deps): update dependency flake8 to v7.1.1 by @​renovate[bot] in #​129
• chore(deps): update dependency isort to v5.13.2 by @​renovate[bot] in #​130
• chore(deps): update dependency mypy to v1.14.1 by @​renovate[bot] in #​131
• docs: adding documentation for global config by @​petereon in #​148
• chore(deps): update dependency pytest to v8.4.2 by @​renovate[bot] in #​147
• chore(deps): update dependency black to v25 by @​renovate[bot] in #​144
• chore(deps): update dependency pydoc-markdown to v4.8.2 by @​renovate[bot] in #​132

Full Changelog: petereon/beaupy@v3.10.1...v3.10.2

psf/black (black)

v25.11.0

Compare Source

Highlights

• Enable base 3.14 support (#​4804)
• Add support for the new Python 3.14 t-string syntax introduced by PEP 750 (#​4805)

Stable style

• Fix bug where comments between # fmt: off and # fmt: on were reformatted (#​4811)
• Comments containing fmt directives now preserve their exact formatting instead of
  being normalized (#​4811)

Preview style

• Move multiline_string_handling from --unstable to --preview (#​4760)
• Fix bug where module docstrings would be treated as normal strings if preceded by
  comments (#​4764)
• Fix bug where python 3.12 generics syntax split line happens weirdly (#​4777)
• Standardize type comments to form # type: <value> (#​4645)
• Fix fix_fmt_skip_in_one_liners preview feature to respect # fmt: skip for compound
  statements with semicolon-separated bodies (#​4800)

Configuration

• Add no_cache option to control caching behavior. (#​4803)

Packaging

• Releases now include arm64 Linux binaries (#​4773)

Output

• Write unchanged content to stdout when excluding formatting from stdin using pipes
  (#​4610)

Blackd

• Implemented BlackDClient. This simple python client allows to easily send formatting
  requests to blackd (#​4774)

Integrations

• Enable 3.14 base CI (#​4804)
• Enhance GitHub Action psf/black to support the required-version major-version-only
  "stability" format when using pyproject.toml (#​4770)
• Improve error message for vim plugin users. It now handles independently vim version
• Vim: Warn on unsupported Vim and Python versions independently (#​4772)
• Vim: Print the import paths when importing black fails (#​4675)
• Vim: Fix handling of virtualenvs that have a different Python version (#​4675)

v25.9.0

Compare Source

Highlights

• Remove support for pre-python 3.7 await/async as soft keywords/variable names
  (#​4676)

Stable style

• Fix crash while formatting a long del statement containing tuples (#​4628)
• Fix crash while formatting expressions using the walrus operator in complex with
  statements (#​4630)
• Handle # fmt: skip followed by a comment at the end of file (#​4635)
• Fix crash when a tuple appears in the as clause of a with statement (#​4634)
• Fix crash when tuple is used as a context manager inside a with statement (#​4646)
• Fix crash when formatting a \ followed by a \r followed by a comment (#​4663)
• Fix crash on a \\r\n (#​4673)
• Fix crash on await ... (where ... is a literal Ellipsis) (#​4676)
• Fix crash on parenthesized expression inside a type parameter bound (#​4684)
• Fix crash when using line ranges excluding indented single line decorated items
  (#​4670)

Preview style

• Fix a bug where one-liner functions/conditionals marked with # fmt: skip would still
  be formatted (#​4552)
• Improve multiline_string_handling with ternaries and dictionaries (#​4657)
• Fix a bug where string_processing would not split f-strings directly after
  expressions (#​4680)
• Wrap the in clause of comprehensions across lines if necessary (#​4699)
• Remove parentheses around multiple exception types in except and except* without
  as. (#​4720)
• Add \r style newlines to the potential newlines to normalize file newlines both from
  and to (#​4710)

Parser

• Rewrite tokenizer to improve performance and compliance (#​4536)
• Fix bug where certain unusual expressions (e.g., lambdas) were not accepted in type
  parameter bounds and defaults. (#​4602)

Performance

• Avoid using an extra process when running with only one worker (#​4734)

Integrations

• Fix the version check in the vim file to reject Python 3.8 (#​4567)
• Enhance GitHub Action psf/black to read Black version from an additional section in
  pyproject.toml: [project.dependency-groups] (#​4606)
• Build gallery docker image with python3-slim and reduce image size (#​4686)

Documentation

• Add FAQ entry for windows emoji not displaying (#​4714)

jazzband/django-redis (django-redis)

v6.0.0

Compare Source

===============================

Features

• Support HashMaps (#&#8203;598 <https://github.com/jazzband/django-redis/issues/598>_)
• Support gzip compression (#&#8203;688 <https://github.com/jazzband/django-redis/issues/688>_)
• Support for sets and support basic operations, sadd, scard, sdiff, sdiffstore, sinter, sinterstore, smismember, sismember, smembers, smove, spop, srandmember, srem, sscan, sscan_iter, sunion, sunionstore (#&#8203;730 <https://github.com/jazzband/django-redis/issues/730>_)

Bug Fixes

• Hotfix for timeout=DEFAULT_TIMEOUT in expire and pexpire (#&#8203;724 <https://github.com/jazzband/django-redis/issues/724>_)
• Fix is_master parsing error for write separation in sentinel mode (#&#8203;749 <https://github.com/jazzband/django-redis/issues/749>_)
• Added blocking parameter for cache.lock (#&#8203;752 <https://github.com/jazzband/django-redis/issues/752>_)

Miscellaneous

• Added support for Python 3.12 (#&#8203;689 <https://github.com/jazzband/django-redis/issues/689>_)
• Pin pytest to <7.0 until compatibility issues are resolved (#&#8203;690 <https://github.com/jazzband/django-redis/issues/690>_)
• Replace isort and flake8 with ruff (#&#8203;692 <https://github.com/jazzband/django-redis/issues/692>_)
• Drop django 4.0 (#&#8203;693 <https://github.com/jazzband/django-redis/issues/693>_)
• Upgrade black to 23.10.1 (#&#8203;695 <https://github.com/jazzband/django-redis/issues/695>_)
• Typed DefaultClient (#&#8203;696 <https://github.com/jazzband/django-redis/issues/696>_)
• Support pytest>=7 (#&#8203;697 <https://github.com/jazzband/django-redis/issues/697>_)
• Drop support for django 3.2, python 3.6 and python 3.7 (#&#8203;699 <https://github.com/jazzband/django-redis/issues/699>_)
• Support tox 4 (#&#8203;701 <https://github.com/jazzband/django-redis/issues/701>_)
• Configured dependabot for github actions (#&#8203;702 <https://github.com/jazzband/django-redis/issues/702>_)
• Use ubuntu-latest for CI (#&#8203;703 <https://github.com/jazzband/django-redis/issues/703>_)
• Dropped support for django 4.1 and added support for django 5.0 (#&#8203;729 <https://github.com/jazzband/django-redis/issues/729>_)
• Added support for django 5.1 (#&#8203;754 <https://github.com/jazzband/django-redis/issues/754>_)
• Update minimum supported versions in README.md: Python to 3.8, Django to 4.2, redis-py to 4.0.2 (#&#8203;755 <https://github.com/jazzband/django-redis/issues/755>_)
• Added support for Python 3.13 (#&#8203;756 <https://github.com/jazzband/django-redis/issues/756>_)
• Speed up tests by using pytest-xdist and separating settings on different redis databases.
  Dropped pytest-django
  Using docker-compose for setting up redis containers for testing
  Use tox-uv (#&#8203;757 <https://github.com/jazzband/django-redis/issues/757>_)
• Confirm support for Django 5.2.
  Fix shadowing builtin Python exceptions. (#&#8203;824 <https://github.com/jazzband/django-redis/issues/824>_)

Deprecations and Removals

• Drop support for Python 3.8 (#&#8203;852 <https://github.com/jazzband/django-redis/issues/852>_)

jschneier/django-storages (django-storages)

v1.14.6

Compare Source

SmileyChris/easy-thumbnails (easy_thumbnails)

v2.10.1

Compare Source

• Add support for Django-5.2.

v2.10

Compare Source

• Add support for Django-5.2.

pycqa/flake8 (flake8)

v7.3.0

Compare Source

john-hen/Flake8-pyproject (flake8-pyproject)

v1.2.4

Compare Source

• Fixes typo in name of meta variable in --toml-config help message. (#​21)
• Registers GitHub repo as trusted publisher for PyPI releases. (#​38)

ipython/ipython (ipython)

v9.8.0

Compare Source

v9.7.0

Compare Source

v9.6.0

Compare Source

v9.5.0

Compare Source

v9.4.0

Compare Source

v9.3.0

Compare Source

v9.2.0

Compare Source

v9.1.0

Compare Source

PyCQA/isort (isort)

v7.0.0

Compare Source

Changes

💥 Breaking Changes

• Drop support for Python 3.9 (#​2430) @​DanielNoord

🚀 Features

• Show absolute paths in skipped file messages (#​2416) @​pranlawate

🪲 Fixes

• Some fixes for Python 3.14 (#​2433) @​DanielNoord
• Test on 3.14 and fix any bugs (#​2425) @​DanielNoord
• Update CHANGELOG.md + Fix Formatting and Grammar (#​2419) @​lukbrew25
• Fix output of hanging indent for long lines with noqa (#​2407) @​matan1008

👷 Continuous Integration

• Format with ruff instead of black (#​2432) @​DanielNoord
• Target 3.10 for ruff (#​2431) @​DanielNoord
• Update development dependencies to latest version (#​2426) @​DanielNoord
• docs: update pre-commit examples to version 6.1.0 (#​2413) @​pranlawate
• Small cleanup for developer environment (#​2418) @​DanielNoord

📦 Dependencies

• Bump actions/setup-python from 5 to 6 in the github-actions group (#​2411) @​dependabot[bot]

v6.1.0

Compare Source

• Add python 3.14 classifier and badge (#​2409) @​staticdev
  • Drop use of non-standard pkg_resources API (#​2405) @​dvarrazzo

lxml/lxml (lxml)

v6.0.2

Compare Source

==================

Bugs fixed

• LP#2125278: Compilation with libxml2 2.15.0 failed.
  Original patch by Xi Ruoyao.

• Setting decompress=True in the parser had no effect in libxml2 2.15.

• Binary wheels on Linux and macOS use the library version libxml2 2.14.6.
  See https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.14.6

• Test failures in libxml2 2.15.0 were fixed.

Other changes

• Binary wheels for Py3.9-3.11 on the riscv64 architecture were added.

• Error constants were updated to match libxml2 2.15.0.

• Built using Cython 3.1.4.

v6.0.1

Compare Source

==================

Bugs fixed

• LP#2116333: lxml.sax._getNsTag() could fail with an exception on malformed input.

• GH#467: Some test adaptations were made for libxml2 2.15.
  Patch by Nick Wellnhofer.

• LP2119510, GH#473: A Python compatibility test was fixed for Python 3.14+.
  Patch by Lumír Balhar.

• GH#471: Wheels for "riscv64" on recent Python versions were added.
  Patch by ffgan.

• GH#469: The wheel build no longer requires the wheel package unconditionally.
  Patch by Miro Hrončok.

• Binary wheels use the library version libxml2 2.14.5.
  See https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.14.5

• Windows binary wheels continue to use a security patched library version libxml2 2.11.9.

v6.0.0

Compare Source

==================

Features added

• GH#463: lxml.html.diff is faster and provides structurally better diffs.
  Original patch by Steven Fernandez.

• GH#405: The factories Element and ElementTree can now be used in type hints.

• GH#448: Parsing from memoryview and other buffers is supported to allow zero-copy parsing.

• GH#437: lxml.html.builder was missing several HTML5 tag names.
  Patch by Nick Tarleton.

• GH#458: CDATA can now be written into the incremental xmlfile() writer.
  Original patch by Lane Shaw.

• A new parser option decompress=False was added that controls the automatic
  input decompression when using libxml2 2.15.0 or later. Disabling this option
  by default will effectively prevent decompression bombs when handling untrusted
  input. Code that depends on automatic decompression must enable this option.
  Note that libxml2 2.15.0 was not released yet, so this option currently has no
  effect but can already be used.

• The set of compile time / runtime supported libxml2 feature names is available as
  etree.LIBXML_COMPILED_FEATURES and etree.LIBXML_FEATURES.
  This currently includes
  catalog, ftp, html, http, iconv, icu,
  lzma, regexp, schematron, xmlschema, xpath, zlib.

Bugs fixed

• GH#353: Predicates in .find*() could mishandle tag indices if a default namespace is provided.
  Original patch by Luise K.

• GH#272: The head and body properties of lxml.html elements failed if no such element
  was found. They now return None instead.
  Original patch by FVolral.

• Tag names provided by code (API, not data) that are longer than INT_MAX
  could be truncated or mishandled in other ways.

• .text_content() on lxml.html elements accidentally returned a "smart string"
  without additional information. It now returns a plain string.

• LP#2109931: When building lxml with coverage reporting, it now disables the sys.monitoring
  support due to the lack of support in nedbat/coveragepy#1790

Other changes

• Support for Python < 3.8 was removed.

• Parsing directly from zlib (or lzma) compressed data is now considered an optional
  feature in lxml. It may get removed from libxml2 at some point for security reasons
  (compression bombs) and is therefore no longer guaranteed to be available in lxml.

  As of this release, zlib support is still normally available in the binary wheels
  but may get disabled or removed in later (x.y.0) releases. To test the availability,
  use "zlib" in etree.LIBXML_FEATURES.

• The Schematron class is deprecated and will become non-functional in a future lxml version.
  The feature will soon be removed from libxml2 and stop being available.

• GH#438: Wheels include the arm7l target.

• GH#465: Windows wheels include the arm64 target.
  Patch by Finn Womack.

• Binary wheels use the library versions libxml2 2.14.4 and libxslt 1.1.43.
  Note that this disables direct HTTP and FTP support for parsing from URLs.
  Use Python URL request tools instead (which usually also support HTTPS).
  To test the availability, use "http" in etree.LIBXML_FEATURES.

• Windows binary wheels use the library versions libxml2 2.11.9, libxslt 1.1.39 and libiconv 1.17.
  They are now based on VS-2022.

• Built using Cython 3.1.2.

• The debug methods MemDebug.dump() and MemDebug.show() were removed completely.
  libxml2 2.13.0 discarded this feature.

v5.4.0

Compare Source

==================

Bugs fixed

• LP#2107279: Binary wheels use libxml2 2.13.8 and libxslt 1.1.43 to resolve several CVEs.
  (Binary wheels for Windows continue to use a patched libxml2 2.11.9 and libxslt 1.1.39.)
  Issue found by Anatoly Katyushin.

v5.3.2

Compare Source

==================

This release resolves CVE-2025-24928 as described in
https://gitlab.gnome.org/GNOME/libxml2/-/issues/847

Bugs fixed

• Binary wheels use libxml2 2.12.10 and libxslt 1.1.42.

• Binary wheels for Windows use a patched libxml2 2.11.9 and libxslt 1.1.39.

msgpack/msgpack-python (msgpack)

v1.1.2

Compare Source

=====

Release Date: 2025-10-08

This release does not change source code. It updates only building wheels:

• Update Cython to v3.1.4
• Update cibuildwheel to v3.2.0
• Drop Python 3.8
• Add Python 3.14
• Add windows-arm

v1.1.1

Compare Source

=====

Release Date: 2025-06-13

• No change from 1.1.1rc1.

psycopg/psycopg2 (psycopg2-binary)

v2.9.11

Compare Source

pylint-dev/pylint (pylint)

v4.0.4

Compare Source

What's new in Pylint 4.0.4?

Release date: 2025-11-30

False Positives Fixed

• Fixed false positive for invalid-name where module-level constants were incorrectly classified as variables when a class-level attribute with the same name exists.

  Closes #​10719

• Fix a false positive for invalid-name on an UPPER_CASED name inside an if branch that assigns an object.

  Closes #​10745

v4.0.3

Compare Source

What's new in Pylint 4.0.3?

Release date: 2025-11-13

False Positives Fixed

• Add Enum dunder methods _generate_next_value_, _missing_, _numeric_repr_, _add_alias_, and _add_value_alias_ to the list passed to --good-dunder-names.

  Closes #​10435

• Fixed false positive for invalid-name with typing.Annotated.

  Closes #​10696

• Fix false positive for f-string-without-interpolation with template strings
  when using format spec.

  Closes #​10702

• Fix a false positive when an UPPER_CASED class attribute was raising an
  invalid-name when typed with Final.

  Closes #​10711

• Fix a false positive for unbalanced-tuple-unpacking when a tuple is assigned to a function call and the structure of the function's return value is ambiguous.

  Closes #​10721

Other Bug Fixes

• Make 'ignore' option work as expected again.

  Closes #​10669

• Fix crash for consider-using-assignment-expr when a variable annotation without assignment
  is used as the if test expression.

  Closes #​10707

• Fix crash for prefer-typing-namedtuple and consider-math-not-float when
  a slice object is called.

  Closes #​10708

v4.0.2

Compare Source

False Positives Fixed

• Fix false positive for invalid-name on a partially uninferable module-level constant.

  Closes #​10652

• Fix a false positive for invalid-name on exclusive module-level assignments
  composed of three or more branches. We won't raise disallowed-name on module-level names that can't be inferred
  until a further refactor to remove this false negative is done.

  Closes #​10664

• Fix false positive for invalid-name for TypedDict instances.

  Closes #​10672

v4.0.1

Compare Source

What's new in Pylint 4.0.1?

Release date: 2025-10-14

False Positives Fixed

• Exclude __all__ and __future__.annotations from unused-variable.

  Closes #​10019

• Fix false-positive for bare-name-capture-pattern if a case guard is used.

  Closes #​10647

• Check enums created with the Enum() functional syntax to pass against the
  --class-rgx for the invalid-name check, like other enums.

  Closes #​10660

v4.0.0

Compare Source

• Pylint now supports Python 3.14.

• Pylint's inference engine (astroid) is now much more precise,
  understanding implicit booleanness and ternary expressions. (Thanks @​zenlyj!)

Consider this example:

class Result:
    errors: dict | None = None

result = Result()
if result.errors:
    result.errors[field_key]

##### inference engine understands result.errors cannot be None
##### pylint no longer raises unsubscriptable-object

The required astroid version is now 4.0.0. See the astroid changelog for additional fixes, features, and performance improvements applicable to pylint.

• Handling of invalid-name at the module level was patchy. Now,
  module-level constants that are reassigned are treated as variables and checked
  against --variable-rgx rather than --const-rgx. Module-level lists,
  sets, and objects can pass against either regex.

Here, LIMIT is reassigned, so pylint only uses --variable-rgx:

LIMIT = 500  # [invalid-name]
if sometimes:
    LIMIT = 1  # [invalid-name]

If this is undesired, refactor using exclusive assignment so that it is
evident that this assignment happens only once:

if sometimes:
    LIMIT = 1
else:
    LIMIT = 500  # exclusive assignment: uses const regex, no warning

Lists, sets, and objects still pass against either const-rgx or variable-rgx
even if reassigned, but are no longer completely skipped:

MY_LIST = []
my_list = []
My_List = []  # [invalid-name]

Remember to adjust the regexes and allow lists to your liking.

Breaking Changes

• invalid-name now distinguishes module-level constants that are assigned only once
  from those that are reassigned and now applies --variable-rgx to the latter. Values
  other than literals (lists, sets, objects) can pass against either the constant or
  variable regexes (e.g. "LOGGER" or "logger" but not "LoGgEr").

  Remember that --good-names or --good-names-rgxs can be provided to explicitly
  allow good names.

  Closes #​3585

• The unused pylintrc argument to PyLinter.__init__() is deprecated
  and will be removed.

  Refs #​6052

• Commented out code blocks such as # bar() # TODO: remove dead code will no longer emit fixme.

  Refs #​9255

• pyreverse Run was changed to no longer call sys.exit() in its __init__.
  You should now call Run(args).run() which will return the exit code instead.
  Having a class that always raised a SystemExit exception was considered a bug.

  Normal usage of pyreverse through the CLI will not be affected by this change.

  Refs #​9689

• The suggestion-mode option was removed, as pylint now always emits user-friendly hints instead
  of false-positive error messages. You should remove it from your conf if it's defined.

  Refs #​9962

• The async.py checker module has been renamed to async_checker.py since async is a Python keyword
  and cannot be imported directly. This allows for better testing and extensibility of the async checker functionality.

  Refs #​10071

• The message-id of continue-in-finally was changed from E0116 to W0136. The warning is
  now emitted for every Python version since it will raise a syntax warning in Python 3.14.
  See PEP 765 - Disallow return/break/continue that exit a finally block.

  Refs #​10480

• Removed support for nmp.NaN alias for numpy.NaN being recognized in ':ref:nan-comparison'. Use np or numpy instead.

  Refs #​10583

• Version requirement for isort has been bumped to >=5.0.0.
  The internal compatibility for older isort versions exposed via pylint.utils.IsortDriver has
  been removed.

  Refs #​10637

New Features

• comparison-of-constants now uses the unicode from the ast instead of reformatting from
  the node's values preventing some bad formatting due to utf-8 limitation. The message now uses
  " instead of ' to better work with what the python ast returns.

  Refs #​8736

• Enhanced pyreverse to properly distinguish between UML relationship types (association, aggregation, composition) based on object ownership semantics. Type annotations without assignment are now treated as associations, parameter assignments as aggregations, and object instantiation as compositions.

  Closes #​9045
  Closes #​9267

• The fixme check can now search through docstrings as well as comments, by using
  check-fixme-in-docstring = true in the [tool.pylint.miscellaneous] section.

  Closes #​9255

• The use-implicit-booleaness-not-x checks now distinguish between comparisons
  used in boolean contexts and those that are not, enabling them to provide more accurate refactoring suggestions.

  Closes #​9353

• The verbose option now outputs the filenames of the files that have been checked.
  Previously, it only included the number of checked and skipped files.

  Closes #​9357

• colorized reporter now colorizes messages/categories that have been configured as fail-on in red inverse.
  This makes it easier to quickly find the errors that are causing pylint CI job failures.

  Closes #​9898

• Enhanced support for @​property decorator in pyreverse to correctly display return types of annotated properties when generating class diagrams.

  Closes #​10057

• Add --max-depth option to pyreverse to control diagram complexity. A depth of 0 shows only top-level packages, 1 shows one level of subpackages, etc.
  This helps manage visualization of large codebases by limiting the depth of displayed packages and classes.

  Refs #​10077

• Handle deferred evaluation of annotations in Python 3.14.

  Closes #​10149

• Enhanced pyreverse to properly detect aggregations for comprehensions (list, dict, set, generator).

  Closes #​10236

• pyreverse: add support for colorized output when using output format mmd (MermaidJS) and html.

  Closes #​10242

• pypy 3.11 is now officially supported.

  Refs #​10287

• Add support for Python 3.14.

  Refs #​10467

• Add naming styles for ParamSpec and TypeVarTuple that align with the TypeVar style.

  Refs #​10541

New Checks

• Add match-statements checker and the following message:
  bare-name-capture-pattern.
  This will emit an error message when a name capture pattern is used in a match statement which would make the remaining patterns unreachable.
  This code is a SyntaxError at runtime.

  Closes #​7128

• Add new check async-context-manager-with-regular-with to detect async context managers used with regular with statements instead of async with.

  Refs #​10408

• Add break-in-finally warning. Using break inside the finally clause
  will raise a syntax warning in Python 3.14.
  See PEP 765 - Disallow return/break/continue that exit a finally block <https://peps.python.org/pep-0765/>_.

  Refs #​10480

• Add new checks for invalid uses of class patterns in :keyword:match.

  • :ref:invalid-match-args-definition is emitted if :py:data:object.__match_args__ isn't a tuple of strings.
  • :ref:too-many-positional-sub-patterns if there are more positional sub-patterns than specified in :py:data:object.__match_args__.
  • :ref:multiple-class-sub-patterns if there are multiple sub-patterns for the same attribute.

  Refs #​10559

• Add additional checks for suboptimal uses of class patterns in :keyword:match.

  • :ref:match-class-bind-self is emitted if a name is bound to self instead of
    using an as pattern.
  • :ref:match-class-positional-attributes is emitted if a class pattern has positional
    attributes when keywords could be used.

  Refs #​10587

• Add a consider-math-not-float message. float("nan") and float("inf") are slower
  than their counterpart math.inf and math.nan by a factor of 4 (notwithstanding
  the initial import of math) and they are also not well typed when using mypy.
  This check also catches typos in float calls as a side effect.

  The :ref:pylint.extensions.code_style need to be activated for this check to work.

  Refs #​10621

False Positives Fixed

• Fix a false positive for used-before-assignment when a variable defined under
  an if and via a named expression (walrus operator) is used later when guarded
  under the same if test.

  Closes #​10061

• Fix :ref:no-name-in-module for members of concurrent.futures with Python 3.14.

  Closes #​10632

False Negatives Fixed

• Fix false negative for used-before-assignment when a TYPE_CHECKING import is used as a type annotation prior to erroneous usage.

  Refs #​8893

• Match cases are now counted as edges in the McCabe graph and will increase the complexity accordingly.

  Refs #​9667

• Check module-level constants with type annotations for invalid-name.
  Remember to adjust const-naming-style or const-rgx to your liking.

  Closes #​9770

• Fix false negative where function-redefined (E0102) was not reported for functions with a leading underscore.

  Closes #​9894

• We now raise a logging-too-few-args for format string with no
  interpolation arguments at all (i.e. for something like logging.debug("Awaiting process %s")
  or logging.debug("Awaiting process {pid}")). Previously we did not raise for such case.

  Closes #​9999

• Fix false negative for used-before-assignment when a function is defined inside a TYPE_CHECKING guard block and used later.

  Closes #​10028

• Fix a false negative for possibly-used-before-assignment when a variable is conditionally defined
  and later assigned to a type-annotated variable.

  Closes #​10421

• Fix false negative for deprecated-module when a __import__ method is used instead of import sentence.

  Refs #​10453

• Count match cases for too-many-branches check.

  Refs #​10542

• Fix false-negative where :ref:unused-import was not reported for names referenced in a preceding global statement.

  Refs #​10633

Other Bug Fixes

• When displaying unicode with surrogates (or other potential UnicodeEncodeError),
  pylint will now display a '?' character (using encode(encoding="utf-8", errors="replace"))
  instead of crashing. The functional tests classes are also updated to handle this case.

  Closes #​8736

• Fixed unidiomatic-typecheck only checking left-hand side.

  Closes #​10217

• Fix a crash caused by malformed format strings when using .format with keyword arguments.

  Closes #​10282

• Fix false positive inconsistent-return-statements when using quit() or exit() functions.

  Closes #​10508

• Fix a crash in :ref:nested-min-max when using builtins.min or builtins.max
  instead of min or max directly.

  Closes #​10626

• Fixed a crash in :ref:unnecessary-dict-index-lookup when the index of an enumerated list
  was deleted inside a for loop.

  Closes #​10627

Other Changes

• Remove support for launching pylint with Python 3.9.
  Code that supports Python 3.9 can still be linted with the --py-version=3.9 setting.

  Refs #​10405

Internal Changes

• Modified test framework to allow for different test output for different Python versions.

  Refs #​10382

v3.3.9

Compare Source

What's new in Pylint 3.3.9?

Release date: 2025-10-05

False Positives Fixed

• Fix used-before-assignment for PEP 695 type aliases and parameters.

  Closes #​9815

• No longer flag undeprecated functions in importlib.resources as deprecated.

  Closes #​10593

• Fix false positive inconsistent-return-statements when using quit() or exit() functions.

  Closes #​10508

• Fix false positive undefined-variable (E0602) for for-loop variable shadowing patterns like for item in item: when the variable was previously defined.

  Closes #​10562

Other Bug Fixes

• Fixed crash in 'unnecessary-list-index-lookup' when starting an enumeration using
  minus the length of an iterable inside a dict comprehension when the len call was only
  made in this dict comprehension, and not elsewhere. Also changed the approach,
  to use inference in all cases but the simple ones, so we don't have to fix crashes
  one by one for arbitrarily com

---

Configuration

📅 Schedule: Branch creation - "before 7am on monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.