Skip to content

uv: bump the python-deps group across 1 directory with 5 updates#915

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/uv/python-deps-62eb3e3401
Open

uv: bump the python-deps group across 1 directory with 5 updates#915
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/uv/python-deps-62eb3e3401

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 1, 2026
edited
Loading

Bumps the python-deps group with 5 updates in the / directory:

Package From To
packaging 25.0 26.0
ruff 0.14.9 0.14.14
coverage 7.13.0 7.13.2
mypy 1.19.0 1.19.1
poethepoet 0.38.0 0.40.0

Updates packaging from 25.0 to 26.0

Release notes

Sourced from packaging's releases.

26.0

Read about the performance improvements here: https://iscinumpy.dev/post/packaging-faster.

What's Changed

Features:

Behavior adaptations:

Fixes:

Performance:

... (truncated)

Changelog

Sourced from packaging's changelog.

26.0 - 2026-01-20


Features:

    

  • PEP 751: support pylock (:pull:900)
    • 

  • PEP 794: import name metadata (:pull:948)
    • 

  • Support for writing metadata to a file (:pull:846)
    • 

  • Support __replace__ on Version (:pull:1003)
    • 

  • Support positional pattern matching for Version and SpecifierSet (:pull:1004)
    • 



Behavior adaptations:


    

  • PEP 440 handling of prereleases for Specifier.contains, SpecifierSet.contains, and SpecifierSet.filter (:pull:897)
    • 

  • Handle PEP 440 edge case in SpecifierSet.filter (:pull:942)
    • 

  • Adjust arbitrary equality intersection preservation in SpecifierSet (:pull:951)
    • 

  • Return False instead of raising for .contains with invalid version (:pull:932)
    • 

  • Support arbitrary equality on arbitrary strings for Specifier and SpecifierSet's filter and contains method. (:pull:954)
    • 

  • Only try to parse as Version on certain marker keys, return False on unequal ordered comparisons (:pull:939)
    • 



Fixes:


    

  • Update _hash when unpickling Tag() (:pull:860)
    • 

  • Correct comment and simplify implicit prerelease handling in Specifier.prereleases (:pull:896)
    • 

  • Use explicit _GLibCVersion NamedTuple in _manylinux (:pull:868)
    • 

  • Detect invalid license expressions containing () (:pull:879)
    • 

  • Correct regex for metadata 'name' format (:pull:925)
    • 

  • Improve the message around expecting a semicolon (:pull:833)
    • 

  • Support nested parens in license expressions (:pull:931)
    • 

  • Add space before at symbol in Requirements string (:pull:953)
    • 

  • A root logger use found, use a packaging logger instead (:pull:965)
    • 

  • Better support for subclassing Marker and Requirement (:pull:1022)
    • 

  • Normalize all extras, not just if it comes first (:pull:1024)
    • 

  • Don't produce a broken repr if Marker fails to construct (:pull:1033)
    • 



Performance:


    

  • Avoid recompiling regexes in the tokenizer for a 3x speedup (:pull:1019)
    • 

  • Improve performance in _manylinux.py (:pull:869)
    • 

  • Minor cleanups to Version (:pull:913)
    • 

  • Skip redundant creation of Version's in specifier comparison (:pull:986)
    • 

  • Cache the Specifier's Version (:pull:985)
    • 

  • Make Version a little faster (:pull:987)
    • 

  • Minor Version regex cleanup (:pull:990)
    • 

  • Faster regex on Python 3.11.5+ for Version (:pull:988, :pull:1055)
    • 

  • Lazily calculate _key in Version (:pull:989, :pull:1048)
    • 

  • Faster canonicalize_version (:pull:993)
    • 

  • Use re.fullmatch in a couple more places (:pull:992, :pull:1029)
    • 

  • Use map instead of generator (:pull:996)
    • 

  • Deprecate ._version (_Version, a NamedTuple) (:pull:995, :pull:1062)
    
</tr></table>

... (truncated)

Commits

Updates ruff from 0.14.9 to 0.14.14

Release notes

Sourced from ruff's releases.

0.14.14

Release Notes

Released on 2026-01-22.

Preview features

  • Preserve required parentheses in lambda bodies (#22747)
  • Combine range suppression code diagnostics (#22613)
  • [airflow] Second positional argument to Asset/Dataset should not be a dictionary (AIR303) (#22453)
  • [ruff] Detect duplicate entries in __all__ (RUF068) (#22114)

Bug fixes

  • [pyupgrade] Allow shadowing non-builtin bindings (UP029) (#22749)
  • [pyupgrade] Apply UP045 to string arguments of typing.cast (#22320)
  • [flake8-pie] Detect duplicated declared class fields in PIE794 (#22717)

Rule changes

Documentation

  • Add --exit-non-zero-on-format to formatter exit codes section (#22761)
  • Update contributing guide for adding a new rule (#22779)
  • [FastAPI] Document fix safety for FAST001 (#22655)
  • [flake8-async] Tweak explanation to focus on latency/efficiency tradeoff (ASYNC110) (#22715)
  • [pandas-vet] Make example error out-of-the-box (PD002) (#22561)
  • [refurb] Make the example work out of box (FURB101) (#22770)
  • [refurb] Make the example work out of box (FURB103) (#22769)

Contributors

... (truncated)

Changelog

Sourced from ruff's changelog.

0.14.14

Released on 2026-01-22.

Preview features

  • Preserve required parentheses in lambda bodies (#22747)
  • Combine range suppression code diagnostics (#22613)
  • [airflow] Second positional argument to Asset/Dataset should not be a dictionary (AIR303) (#22453)
  • [ruff] Detect duplicate entries in __all__ (RUF068) (#22114)

Bug fixes

  • [pyupgrade] Allow shadowing non-builtin bindings (UP029) (#22749)
  • [pyupgrade] Apply UP045 to string arguments of typing.cast (#22320)
  • [flake8-pie] Detect duplicated declared class fields in PIE794 (#22717)

Rule changes

Documentation

  • Add --exit-non-zero-on-format to formatter exit codes section (#22761)
  • Update contributing guide for adding a new rule (#22779)
  • [FastAPI] Document fix safety for FAST001 (#22655)
  • [flake8-async] Tweak explanation to focus on latency/efficiency tradeoff (ASYNC110) (#22715)
  • [pandas-vet] Make example error out-of-the-box (PD002) (#22561)
  • [refurb] Make the example work out of box (FURB101) (#22770)
  • [refurb] Make the example work out of box (FURB103) (#22769)

Contributors

... (truncated)

Commits
  • 8b2e7b3 Prepare release v0.14.14 (#22813)
  • 4c7d1f5 [ty] Infer TypedDict types with >=1 required key as being always truthy (#2...
  • b7de434 add CCfW hooks (#22803)
  • b912dfc [pyupgrade] Apply UP045 to string arguments of typing.cast (#22320)
  • 1ff062d [ty] Improve completion rankings for raise-from/except contexts (#22775)
  • 7e408a5 Update dependency wrangler to v4.59.1 (#22793)
  • ceb876b [flake8-pyi] Fix inconsistent handling of forward references for __new__,...
  • c5b4ee6 [ty] Support solving generics involving PEP 695 type aliases (#22678)
  • b9a6129 [ty] Improve support for kwarg splats in dictionary literals (#22781)
  • f516d47 Update contributing guide for adding a new rule (#22779)
  • Additional commits viewable in compare view

Updates coverage from 7.13.0 to 7.13.2

Changelog

Sourced from coverage's changelog.

Version 7.13.2 — 2026-01-25

  • Fix: when Python is installed via symlinks, for example with Homebrew, the standard library files could be incorrectly included in coverage reports. This is now fixed, closing issue 2115_.

  • Fix: if a data file is created with no read permissions, the combine step would fail completely. Now a warning is issued and the file is skipped. Closes issue 2117_.

.. _issue 2115: coveragepy/coveragepy#2115 .. _issue 2117: coveragepy/coveragepy#2117

.. _changes_7-13-1:

Version 7.13.1 — 2025-12-28

  • Added: the JSON report now includes a "start_line" key for function and class regions, indicating the first line of the region in the source. Closes issue 2110_.

  • Added: The debug data command now takes file names as arguments on the command line, so you can inspect specific data files without needing to set the COVERAGE_FILE environment variable.

  • Fix: the JSON report used to report module docstrings as executed lines, which no other report did, as described in issue 2105_. This is now fixed, thanks to Jianrong Zhao.

  • Fix: coverage.py uses a more disciplined approach to detecting where third-party code is installed, and avoids measuring it. This shouldn't change any behavior. If you find that it does, please get in touch.

  • Performance: data files that will be combined now record their hash as part of the file name. This lets us skip duplicate data more quickly, speeding the combining step.

  • Docs: added a section explaining more about what is considered a missing branch and how it is reported: :ref:branch_explain, as requested in issue 1597. Thanks to Ayisha Mohammed <pull 2092_>.

  • Tests: the test suite misunderstood what core was being tested if COVERAGE_CORE wasn't set on 3.14+. This is now fixed, closing issue 2109_.

.. _issue 1597: coveragepy/coveragepy#1597 .. _pull 2092: coveragepy/coveragepy#2092

... (truncated)

Commits
  • 513e971 docs: sample HTML for 7.13.2
  • 27a8230 docs: prep for 7.13.2
  • 27d8daa refactor: plural does more
  • a2f248c fix: stdlib might be through a symlink. #2115
  • bc52a22 debug: re-organize Matchers to show more of what they do
  • f338d81 debug: build is a tuple, don't show it on two lines
  • 92020e4 refactor(test): convert to parametrized
  • 6387d0a test: let (most) tests run with no network
  • 1d31e33 build: workflows sometimes need more than 10 min
  • 6294978 refactor: an error message is now uniform across versions
  • Additional commits viewable in compare view

Updates mypy from 1.19.0 to 1.19.1

Changelog

Sourced from mypy's changelog.

Mypy 1.19.1

  • Fix noncommutative joins with bounded TypeVars (Shantanu, PR 20345)
  • Respect output format for cached runs by serializing raw errors in cache metas (Ivan Levkivskyi, PR 20372)
  • Allow types.NoneType in match cases (A5rocks, PR 20383)
  • Fix mypyc generator regression with empty tuple (BobTheBuidler, PR 20371)
  • Fix crash involving Unpack-ed TypeVarTuple (Shantanu, PR 20323)
  • Fix crash on star import of redefinition (Ivan Levkivskyi, PR 20333)
  • Fix crash on typevar with forward ref used in other module (Ivan Levkivskyi, PR 20334)
  • Fail with an explicit error on PyPy (Ivan Levkivskyi, PR 20389)

Acknowledgements

Thanks to all mypy contributors who contributed to this release:

  • A5rocks
  • BobTheBuidler
  • bzoracler
  • Chainfire
  • Christoph Tyralla
  • David Foster
  • Frank Dana
  • Guo Ci
  • iap
  • Ivan Levkivskyi
  • James Hilton-Balfe
  • jhance
  • Joren Hammudoglu
  • Jukka Lehtosalo
  • KarelKenens
  • Kevin Kannammalil
  • Marc Mueller
  • Michael Carlstrom
  • Michael J. Sullivan
  • Piotr Sawicki
  • Randolf Scholz
  • Shantanu
  • Sigve Sebastian Farstad
  • sobolevn
  • Stanislav Terliakov
  • Stephen Morton
  • Theodore Ando
  • Thiago J. Barbalho
  • wyattscarpenter

I’d also like to thank my employer, Dropbox, for supporting mypy development.

Mypy 1.18

We’ve just uploaded mypy 1.18.1 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features, performance

... (truncated)

Commits

Updates poethepoet from 0.38.0 to 0.40.0

Release notes

Sourced from poethepoet's releases.

0.40.0

Enhancements

Fixes

Code improvements

Full Changelog: nat-n/poethepoet@v0.39.0...v0.40.0

0.39.0

Enhancements

  • Add support for uv executor options by @​rochacbruno and @​nat-n in nat-n/poethepoet#327
    • feat: add various options to the uv executor to be passed to the uv run command
    • feat: allow task executor to be configure with just the type as a string
    • feat executor options to be set at runtime via the new --executor-opt cli global option
    • feat: allow inheritance of compatible executor options from global to task to runtime
    • refactor: extend PoeOptions to support annotating config fields with a config_name to parse, separate from the attribute name
    • refactor: some micro-optimizations to PoeOptions and AnnotationType
    • doc: Add guide for replacing tox with poe + uv
    • doc: tidy up executor docs
    • doc: fix typo in doc for expr task
    • test: improve test coverage of PoeOptions
    • test: disable some test cases on windows that are too flaky

New Contributors

Full Changelog: nat-n/poethepoet@v0.38.0...v0.39.0

Commits
  • 0a7247d Bump version to 0.40.0
  • 312e74a feat: Add choices option to constrain named arguments (#348)
  • 5e0b3e5 feat: support ignore_fail on execution task types and ref tasks (#347)
  • a3c97e1 test: ensure the test virtual environment is always removed (#346)
  • bc04e2f feat: support capture_output on ref tasks (#343)
  • f7b82ef fix: global executor option (#340)
  • 8e7b116 fix: handle SIGHUP and SIGBREAK signals to stop tasks (#344)
  • 8e51f2b refactor: modernize type annotations (#339)
  • 72a9225 fix: set uv to quiet during shell completion (#338)
  • c6c7306 feat: allow optional envfiles without warnings (#337)
  • Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Feb 1, 2026
@dependabot
uv: bump the python-deps group across 1 directory with 5 updates
d8c7343 
Bumps the python-deps group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [packaging](https://github.com/pypa/packaging) | `25.0` | `26.0` |
| [ruff](https://github.com/astral-sh/ruff) | `0.14.9` | `0.14.14` |
| [coverage](https://github.com/coveragepy/coveragepy) | `7.13.0` | `7.13.2` |
| [mypy](https://github.com/python/mypy) | `1.19.0` | `1.19.1` |
| [poethepoet](https://github.com/nat-n/poethepoet) | `0.38.0` | `0.40.0` |



Updates `packaging` from 25.0 to 26.0
- [Release notes](https://github.com/pypa/packaging/releases)
- [Changelog](https://github.com/pypa/packaging/blob/main/CHANGELOG.rst)
- [Commits](pypa/packaging@25.0...26.0)

Updates `ruff` from 0.14.9 to 0.14.14
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.14.9...0.14.14)

Updates `coverage` from 7.13.0 to 7.13.2
- [Release notes](https://github.com/coveragepy/coveragepy/releases)
- [Changelog](https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst)
- [Commits](coveragepy/coveragepy@7.13.0...7.13.2)

Updates `mypy` from 1.19.0 to 1.19.1
- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md)
- [Commits](python/mypy@v1.19.0...v1.19.1)

Updates `poethepoet` from 0.38.0 to 0.40.0
- [Release notes](https://github.com/nat-n/poethepoet/releases)
- [Commits](nat-n/poethepoet@v0.38.0...v0.40.0)

---
updated-dependencies:
- dependency-name: packaging
  dependency-version: '26.0'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: python-deps
- dependency-name: ruff
  dependency-version: 0.14.14
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: python-deps
- dependency-name: coverage
  dependency-version: 7.13.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: python-deps
- dependency-name: mypy
  dependency-version: 1.19.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: python-deps
- dependency-name: poethepoet
  dependency-version: 0.40.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: python-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/uv/python-deps-62eb3e3401 branch from 41e7732 to d8c7343 Compare March 1, 2026 21:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants