chore(deps): bump the python group across 1 directory with 16 updates

[dependabot]

Bumps the python group with 16 updates in the / directory:

Package	From	To
certifi	2026.4.22	2026.6.17
channels	4.2.2	4.3.2
channels-redis	4.2.1	4.3.0
django	6.0.4	6.0.6
django-allauth[mfa]	65.16.1	65.18.0
django-environ	0.13.0	0.14.0
hiredis	3.3.1	3.4.0
uvicorn[standard]	0.46.0	0.49.0
coverage	7.13.5	7.14.1
django-stubs[compatible-mypy]	6.0.3	6.0.5
djangorestframework-stubs	3.16.9	3.17.0
djlint	1.36.4	1.39.2
mypy-boto3-s3	1.43.5	1.43.31
pytest	9.0.3	9.1.0
ruff	0.15.12	0.15.18
watchfiles	1.1.1	1.2.0

Updates certifi from 2026.4.22 to 2026.6.17

Commits

• d0ac52f 2026.06.17 (#418)
• d46de62 Bump actions/checkout from 6.0.2 to 6.0.3 (#417)
• 6c183ec fix: update Requests docs link to canonical URL (#415)
• 36e3568 Bump dessant/lock-threads from 6.0.0 to 6.0.2
• d7ea151 2026.05.20 (#413)
• See full diff in compare view

Updates channels from 4.2.2 to 4.3.2

Changelog

Sourced from channels's changelog.

4.3.2 (2025-11-20)

• Confirmed support for Django 6.0.

• Confirmed support for Python 3.14.

• Added types extra for types-channels stubs. See installation docs.

4.3.1 (2025-08-01)

• Fixed testing live server setup when test DB name was not set.

4.3.0 (2025-07-28)

• Updated asgiref dependency to v3.9+.

• Dropped support for EOL Python and Django versions. Python 3.9 is now the minimum supported version.

• Fixed compatibility of ChannelsLiveServerTestCase with Django 5.2.

• Fixed DB setup for spawned testing subprocess, typically on Windows and macOS.

See the Version 4.3.0 release notes <https://channels.readthedocs.io/en/latest/releases/4.3.0.html>_ for more details.

Commits

• 15333cd Version 4.3.2
• 10be531 Add explicit dj60 to test matrix.
• f726845 Update .github/workflows/tests.yml
• 0c1e533 tox.ini: envlist py{310,311,312,313,314}-dj52
• b2ad89f GitHub Actions: Test on Python 3.14 release candidate 2
• a135228 Bump actions/checkout from 4 to 5 (#2180)
• 7dfcc7b Add types extra and installation docs for type checking support.
• 95589a7 Version 4.3.1.
• 5038d69 Fix live server setup when test DB name not set.
• f17a8fe Bump browser-actions/setup-chrome from 1 to 2 (#2175)
• Additional commits viewable in compare view

Updates channels-redis from 4.2.1 to 4.3.0

Changelog

Sourced from channels-redis's changelog.

4.3.0 (2025-07-22)

• Added support for Python 3.13.

• Dropped support for EOL Python 3.8.

• Updated Channels dependency to at least v4.2.2.

• Updated asgiref dependency to at least v3.9.1.

• Fixed compatibility with latest versions of pytest-asyncio.

• Renamed internal methods in core channel layer for compatibility with Channels v4.2.1+

• Dropped testing against legacy Channels v3 branch.

• Updated testing against latest redis-py versions.

Commits

• 8498605 Updated version and changelog for v4.3.0.
• 3e03c45 Update Channels and asgiref dependencies to latest versions.
• 3f42840 Update redis-py testing matrix
• 4f35ef5 Adjust Channels testing matrix.
• 26f3f8f Renamed internal methods in core channel layer.
• b359bf7 Stop using old event_loop fixture.
• f439527 Dropped Python 3.8 from test matrix.
• 662b90d Added support for Python 3.13 (#404)
• See full diff in compare view

Updates django from 6.0.4 to 6.0.6

Commits

• ee93f65 [6.0.x] Bumped version for 6.0.6 release.
• 1721035 [6.0.x] Fixed CVE-2026-48587 -- Ignored whitespace padding when checking Vary...
• 664652f [6.0.x] Fixed CVE-2026-35193 -- Varied on Authorization when caching non-publ...
• b433025 [6.0.x] Fixed CVE-2026-8404 -- Used Cache-Control directives case-insensitive...
• 625a670 [6.0.x] Fixed CVE-2026-7666 -- Delayed setting SMTP connection until fully co...
• c807d9c [6.0.x] Fixed CVE-2026-6873 -- Prevented signed cookie salt namespace collisi...
• 98a75e3 [6.0.x] Included commit hash in checksum file when building artifacts for rel...
• dd895d6 [6.0.x] Updated translations from Transifex.
• 49ca2db [6.0.x] Updated links to severity levels in release notes.
• c9f32a2 [6.0.x] Added stub release notes and release date for 6.0.6 and 5.2.15.
• Additional commits viewable in compare view

Updates django-allauth[mfa] from 65.16.1 to 65.18.0

Commits

• See full diff in compare view

Updates django-environ from 0.13.0 to 0.14.0

Release notes

Sourced from django-environ's releases.

v0.14.0

django-environ 0.14.0 improves type annotations across Env and updates Env.read_env() to support caller-owned file-like objects without closing them.

This is the final django-environ release supporting Python 3.9.

Added

• Type annotations and matching docstring information for Env methods.
• A conditional typing_extensions dependency providing TypeAlias on Python 3.9.

Changed

• Env.read_env() now accepts path-like and file-like objects without closing file-like objects supplied by the caller.

Fixed

• Env.read_env() now raises an explicit error when it cannot determine the caller frame used to resolve the default .env path.

Full changelog: joke2k/django-environ@v0.13.0...v0.14.0

PyPI: https://pypi.org/project/django-environ/0.14.0/

Changelog

Sourced from django-environ's changelog.

v0.14.0_ - 18-June-2026

Added +++++

• Added type annotations and matching docstring information to Env methods [#633](https://github.com/joke2k/django-environ/issues/633) <https://github.com/joke2k/django-environ/pull/633>_.
• Added a Python 3.9 compatibility dependency on typing_extensions for TypeAlias [#633](https://github.com/joke2k/django-environ/issues/633) <https://github.com/joke2k/django-environ/pull/633>_.

Changed +++++++

• Updated Env.read_env() to accept path-like and file-like objects without closing file-like objects supplied by the caller [#633](https://github.com/joke2k/django-environ/issues/633) <https://github.com/joke2k/django-environ/pull/633>_.

Fixed +++++

• Added an explicit error when Env.read_env() cannot determine its caller frame while resolving the default .env path [#633](https://github.com/joke2k/django-environ/issues/633) <https://github.com/joke2k/django-environ/pull/633>_.

Commits

• 6e1b461 Merge pull request #635 from joke2k/release/0.14.0
• b65f66e chore(release): prepare 0.14.0
• 39f980a Merge pull request #633 from joke2k/hotfix/0.14-apply-pr-600
• 020825c ci: allow release and hotfix PRs to target main
• 6c1dd5b fix(typing): support TypeAlias on Python 3.9
• c0d7b2b Ensure Env.read_env supports any file-like object
• c41ee54 Guard against an inability to read stack frames
• 64bfe4b Add type information to docstrings
• 791df95 Add type annotations to str and bool parameters of methods in Env
• 4370592 Merge branch 'develop' into main
• See full diff in compare view

Updates hiredis from 3.3.1 to 3.4.0

Release notes

Sourced from hiredis's releases.

3.4.0

Changes

• Add support for building and releasing hiredis-py on Windows ARM64 (#225)
• Use hiredis v1.4.0 with improved floating-point number parsing
• Drop python and pypy 3.8 support, test against pypy-3.11 (#223)

Maintainance

• Update dependencies and fix CI (#233)
• Fix benchmarking for hiredis-py (#232)
• Update workflow versions to address Node v20 deprecation (#228)
• Run integration tests on Windows ARM64 for Python 3.11 and 3.14 (#226)
• Bump memray from 1.17.1 to 1.19.2 (#224)
• Bump GitHub action versions (#222)
• Add Python 3.15.0a7 to CI matrix (#221)
• MNT: do not use deprecated load_module method (#218)
• Use Python 3.11 in FreeBSD CI run (#219)
• Bump version to 3.4.0-dev (#216)

Contributors

We'd like to thank all the contributors who worked on this release!

@​MugundanMCW, @​tacaswell, @​uglide

Commits

• 54c1938 Version 3.4.0
• d538033 Beta-2 is not available yet, use beta-1
• 41cbe8d Use 3.15.0-beta.2 in CI
• 427a121 Add apt-get update to fix CI
• 6982e3e Bump hiredis to v1.4.0
• 5eadef1 Update workflow versions to address Node v20 deprecation (#228)
• 059ccbc Run integration tests on Windows ARM64 for Python 3.11 and 3.14 (#226)
• 6f1147f Add support for building and releasing hiredis-py on Windows ARM64 (#225)
• b49261b Bump memray from 1.17.1 to 1.19.2 (#224)
• c30abed Drop python and pypy 3.8 support, test against pypy-3.11 (#223)
• Additional commits viewable in compare view

Updates uvicorn[standard] from 0.46.0 to 0.49.0

Release notes

Sourced from uvicorn[standard]'s releases.

Version 0.49.0

What's Changed

• Bump httptools minimum version to 0.8.0 by @​Kludex in Kludex/uvicorn#2962
• Consume duplicate forwarding headers in ProxyHeadersMiddleware (reverses the 0.48.0 behavior of ignoring them) by @​Kludex in Kludex/uvicorn#2971

Full Changelog: Kludex/uvicorn@0.48.0...0.49.0

Version 0.48.0

What's Changed

• Default ssl_ciphers to None and use OpenSSL defaults by @​Kludex in Kludex/uvicorn#2940
• Ignore duplicate forwarding headers in ProxyHeadersMiddleware by @​Kludex in Kludex/uvicorn#2944

Full Changelog: Kludex/uvicorn@0.47.0...0.48.0

Version 0.47.0

What's Changed

• Eagerly import the ASGI app in the parent process by @​Kludex in Kludex/uvicorn#2919
• Add ssl_context_factory for custom SSLContext configuration by @​Kludex in Kludex/uvicorn#2920
• Treat fd=0 as a valid file descriptor with reload/workers by @​eltoder in Kludex/uvicorn#2927

Full Changelog: Kludex/uvicorn@0.46.0...0.47.0

Changelog

Sourced from uvicorn[standard]'s changelog.

0.49.0 (June 3, 2026)

Changed

• Bump httptools minimum version to 0.8.0 (#2962)
• Consume duplicate forwarding headers in ProxyHeadersMiddleware (reverses the 0.48.0 behavior of ignoring them) (#2971)

0.48.0 (May 24, 2026)

Changed

• Default ssl_ciphers to None and use OpenSSL defaults (#2940)

Fixed

• Ignore duplicate forwarding headers in ProxyHeadersMiddleware (#2944)

0.47.0 (May 14, 2026)

Added

• Add ssl_context_factory for custom SSLContext configuration (#2920)

Changed

• Eagerly import the ASGI app in the parent process (#2919)

Fixed

• Treat fd=0 as a valid file descriptor with reload/workers (#2927)

Commits

• 3ef2e3e Version 0.49.0 (#2973)
• eeb64b1 Consume duplicate forwarding headers in ProxyHeadersMiddleware (#2971)
• 630f4ac Make the watchfiles reload tests deterministic (#2972)
• 9154922 chore(deps): bump the github-actions group across 1 directory with 6 updates ...
• 739727a Migrate docs deploy from Cloudflare Pages to Workers (#2967)
• be4a240 Gate docs preview deploy on Cloudflare token presence (#2966)
• c489d7e Bump httptools minimum version to 0.8.0 (#2962)
• 9f547bd Skip docs preview deploy for Dependabot PRs (#2961)
• 44446b8 Migrate documentation from MkDocs Material to Zensical (#2959)
• cfd659c Bump pymdown-extensions to 10.21.3 (#2958)
• Additional commits viewable in compare view

Updates coverage from 7.13.5 to 7.14.1

Changelog

Sourced from coverage's changelog.

Version 7.14.1 — 2026-05-26

• Fix: the HTML report used typographic niceties to make file paths more readable by adding a small amount of space around slashes. Those spaces interfered with searching the page for file paths of interest. Now the report uses CSS to accomplish the same visual tweak so that searches with slashes work correctly. Closes issue 2170_.

• Add a 3.16 PyPI classifier <hugo-316_>_ since we test on the 3.16 main branch.

.. _issue 2170: coveragepy/coveragepy#2170 .. _hugo-316: https://mastodon.social/@​hugovk/116588523571204490

.. _changes_7-14-0:

Version 7.14.0 — 2026-05-10

• Feature: now when running one of the reporting commands, if there are parallel data files that need combining, they will be implicitly combined before creating the report. There is no option to avoid the combination; let us know if you have a use case that requires it. Thanks, Tim Hatch <pull 2162_>. Closes issue 1781.

• Fix: the output from combine was too verbose, listing each file considered. Now it shows a single line with the counts of files combined, files skipped, and files with errors. The -q flag suppresses this line. The old detailed lines are available with the new --debug=combine option.

• Fix: running a Python file through a symlink now sets the sys.path correctly, matching regular Python behavior. Fixes issue 2157_.

• Fix: Collector.flush_data could fail with "RuntimeError: Set changed size during iteration" when a tracer in another thread added a line to the per-file set that add_lines (or add_arcs) was iterating. The values passed to CoverageData are now snapshotted via dict.copy() and set.copy(), which are atomic under the GIL. Thanks, Alex Vandiver <pull 2165_>_.

• Fix: the soft keyword lazy is now bolded in HTML reports.

• We are no longer testing eventlet support. Eventlet started issuing stern deprecation warnings that break our tests. Our support code is still there.

.. _issue 1781: coveragepy/coveragepy#1781 .. _issue 2157: coveragepy/coveragepy#2157 .. _pull 2162: coveragepy/coveragepy#2162

... (truncated)

Commits

• 64d9b66 docs: correct the date for 7.14.1
• 6fa7dd4 chore: bump actions/dependency-review-action (#2181)
• 078afae docs: sample HTML for 7.14.1
• cb4f028 docs: prep for 7.14.1
• ae2d09f Merge branch 'nedbat/classifire-316-kits'
• 2c3568b build: declare 3.16 compatibility
• faa68f8 chore: bump github/codeql-action in the action-dependencies group (#2173)
• eb55fee test: we don't need PyPy < 7.3.22 anymore
• ac168fe test: the text summary should show missing
• fed4bd2 chore: upgrade virtualenv
• Additional commits viewable in compare view

Updates django-stubs[compatible-mypy] from 6.0.3 to 6.0.5

Release notes

Sourced from django-stubs[compatible-mypy]'s releases.

Version 6.0.5

What's Changed

• Accept datetime/timedelta on reverse ops of Combinable by @​federicobond in typeddjango/django-stubs#3361
• Update dependency pyrefly to v0.64.1 by @​renovate[bot] in typeddjango/django-stubs#3377
• Preserve row type when .annotate() is called on a generic QuerySet by @​federicobond in typeddjango/django-stubs#3379
• Fix type checking of __in lookup by @​ngnpope in typeddjango/django-stubs#3314
• Fix GenericPrefetch invariance with QuerySet by @​pmdevita in typeddjango/django-stubs#3380
• Preserve row type in merge_annotations_from_custom_method by @​federicobond in typeddjango/django-stubs#3383
• Add mypy 2.1.0 support by @​sobolevn in typeddjango/django-stubs#3384
• Update pyrefly to 1.0.0 by @​sobolevn in typeddjango/django-stubs#3386
• Fix related_model type for mypy 2.1 by @​UnknownPlatypus in typeddjango/django-stubs#3388
• Re-enable empty-body error code for mypy and ty by @​ngnpope in typeddjango/django-stubs#3390
• Fix mark_safe to accept StrOrPromise by @​Alexerson in typeddjango/django-stubs#3392
• Enable unused-ignore code in pyrefly by @​UnknownPlatypus in typeddjango/django-stubs#3393
• Fix InlineModelAdmin parent-object method signatures by @​MyGodIsHe in typeddjango/django-stubs#3308
• Fix AdminSite.register typing by @​noamkush in typeddjango/django-stubs#3387

New Contributors

• @​pmdevita made their first contribution in typeddjango/django-stubs#3380
• @​MyGodIsHe made their first contribution in typeddjango/django-stubs#3308

Full Changelog: typeddjango/django-stubs@6.0.4...6.0.5

6.0.4

mypy@2.0 support is added.

What's Changed

• Add more test field nullable by @​UnknownPlatypus in typeddjango/django-stubs#3325
• Add RedisCache._cache by @​sobolevn in typeddjango/django-stubs#3337
• Extract analyze_member_access helper into helpers module by @​UnknownPlatypus in typeddjango/django-stubs#3339
• Type-check defaults and create_defaults dict literals by @​federicobond in typeddjango/django-stubs#3326
• Relax constraint on finders.find(all=...) by @​UnknownPlatypus in typeddjango/django-stubs#3352
• Type EmailMessage.message() return as stdlib email.message.EmailMessage by @​ahmedasar00 in typeddjango/django-stubs#3291
• Fix annotate leak across functions by @​UnknownPlatypus in typeddjango/django-stubs#3330
• Accept single str/Combinable for Aggregate.order_by by @​federicobond in typeddjango/django-stubs#3357
• Expose Aggregate kwargs on subclass __init__ stubs by @​federicobond in typeddjango/django-stubs#3359
• Replace **flags with explicit kwargs on Library.filter by @​federicobond in typeddjango/django-stubs#3360
• Resolve default_alias for positional Aggregate in annotate() by @​federicobond in typeddjango/django-stubs#3362
• Update Django to 6.0.5 by @​sobolevn in typeddjango/django-stubs#3369

New Contributors

• @​bitmooze made their first contribution in typeddjango/django-stubs#3331

Full Changelog: typeddjango/django-stubs@6.0.3...6.0.4

Commits

• 8f534d0 Version 6.0.5 release (#3402)
• 16679ef Fix AdminSite.register typing (#3387)
• 030484f Update dependency ty to v0.0.38 (#3400)
• 906abd5 Fix InlineModelAdmin parent-object method signatures (#3308)
• ad05f89 Update ty to v0.0.37 (#3399)
• c67f6b4 Update int128/hide-comment-action action to v1.59.0 (#3397)
• 5322457 [pre-commit.ci] pre-commit autoupdate (#3396)
• e097380 Update dependency ty to v0.0.36 (#3395)
• 97b6e0e Update dependency pytest-mypy-plugins to v4.0.3 (#3394)
• 5680543 Enable unused-ignore code in pyrefly (#3393)
• Additional commits viewable in compare view

Updates djangorestframework-stubs from 3.16.9 to 3.17.0

Release notes

Sourced from djangorestframework-stubs's releases.

3.17.0

Versioning

This is the first version targeting djangorestframework v3.17 and django-stubs v6.0. However, not all stubs have been updated yet for 3.17:

• See https://github.com/typeddjango/djangorestframework-stubs/blob/master/scripts/stubtest/allowlist_todo_317.txt for remaining work
• Please open pull requests, but keep changes small.
• First check that nobody is already working on that topic: https://github.com/typeddjango/djangorestframework-stubs/pulls

What's Changed

• Add UniqueTogetherValidator code support and fix defaults in validators by @​emmanuel-ferdman in typeddjango/djangorestframework-stubs#947
• Add missing decorator stubs for DRF 3.17 by @​emmanuel-ferdman in typeddjango/djangorestframework-stubs#949
• Change Serializer context type dict -> Mapping by @​BrianHicks in typeddjango/djangorestframework-stubs#946
• Clean up and improve rest_framework.renderers by @​emmanuel-ferdman in typeddjango/djangorestframework-stubs#960
• Clean up and improve rest_framework.fields by @​emmanuel-ferdman in typeddjango/djangorestframework-stubs#964

Housekeeping

• Update dependency djangorestframework to v3.17.1 & add new allowlist by @​intgr in typeddjango/djangorestframework-stubs#941
• Lock file maintenance - Django 5.2.13 & 6.0.4 by @​intgr in typeddjango/djangorestframework-stubs#962
• Unpin types-* dev dependencies for automatic Renovate updates by @​Copilot in typeddjango/djangorestframework-stubs#983
• Version 3.17.0 release by @​intgr in typeddjango/djangorestframework-stubs#984

New Contributors

• @​BrianHicks made their first contribution in typeddjango/djangorestframework-stubs#946
• @​Copilot made their first contribution in typeddjango/djangorestframework-stubs#983

Full Changelog: typeddjango/djangorestframework-stubs@3.16.9...3.17.0

Commits

• dcaf560 Version 3.17.0 release (#984)
• 9ac7355 Clean up and improve rest_framework.fields (#964)
• 4f367f1 Lock file maintenance
• 7923d06 Unpin types-* dev dependencies for automatic Renovate updates (#983)
• b2d9250 Update dependency mypy to v2 (#975)
• 77b63b4 Lock file maintenance (#982)
• 96a5e21 [pre-commit.ci] pre-commit autoupdate (#981)
• b6c3e02 Update dependency types-pyyaml to v6.0.12.20260510 (#980)
• cc0af26 Update dependency types-requests to v2.33.0.20260508 (#978)
• 001b9c2 Update dependency types-pyyaml to v6.0.12.20260508 (#977)
• Additional commits viewable in compare view

Updates djlint from 1.36.4 to 1.39.2

Release notes

Sourced from djlint's releases.

v1.39.2

v1.39.1 was not published due to mypyc compilation error.

Packaging

• Fix mypyc compilation.

v1.39.1

This release was not published due to mypyc compilation error.

Fix

• Avoid false T027 reports for apostrophes inside quoted template strings.
• Format Alpine.js object methods in attributes when format_attribute_js_json is enabled.
• Preserve indentation after inline Jinja control-flow blocks that start with whitespace trim markers, such as {%- if ... %}...{% endif %}.
• Preserve safe inner quote style for Jinja function calls inside quoted HTML attributes.

v1.39.0

Feature

• Add preserve_class_newlines / --preserve-class-newlines to keep authored line breaks inside multiline class attributes. #495

Fix

• Fix Django 6.0 {% partialdef %} block indentation so {% endpartialdef %} aligns with its opener. #1556
• Preserve multiline Django/Jinja control-flow blocks instead of condensing short bodies onto one line. #1597
• Preserve single-line inline HTML and template tag bodies during expansion, even when they exceed max_line_length.

v1.38.2

• Fix python -m djlint not working due to mypyc compilation.

v1.38.1

Fix

• Match exclude paths on path boundaries. #1028

v1.38.0

Feature

• Add support for .djlint.toml project and global config files. #1181

Fix

• Preserve single-line inline HTML tag bodies when they fit within max_line_length. #637 #2041
• Avoid evaluating template expressions while formatting tag contents. #784 #828 #1030 #1158

Packaging

• Fix npm publish workflow.

... (truncated)

Changelog

Sourced from djlint's changelog.

[1.39.2] - 2026-06-11

v1.39.1 was not published due to mypyc compilation error.

Packaging

• Fix mypyc compilation.

[1.39.1] - 2026-06-11

Fix

• Avoid false T027 reports for apostrophes inside quoted template strings.
• Format Alpine.js object methods in attributes when format_attribute_js_json is enabled.
• Preserve indentation after inline Jinja control-flow blocks that start with whitespace trim markers, such as {%- if ... %}...{% endif %}.
• Preserve safe inner quote style for Jinja function calls inside quoted HTML attributes.

[1.39.0] - 2026-06-05

Feature

• Add preserve_class_newlines / --preserve-class-newlines to keep authored line breaks inside multiline class attributes.

Fix

• Fix Django 6.0 {% partialdef %} block indentation so {% endpartialdef %} aligns with its opener.
• Preserve multiline Django/Jinja control-flow blocks instead of condensing short bodies onto one line.
• Preserve single-line inline HTML and template tag bodies during expansion, even when they exceed max_line_length.

[1.38.2] - 2026-06-05

Fix

• Fix python -m djlint not working due to mypyc compilation.

[1.38.1] - 2026-06-04

Fix

• Match exclude paths on path boundaries.

[1.38.0] - 2026-06-04

Feature

• Add support for .djlint.toml project and global config files.

Fix

• Preserve single-line inline HTML tag bodies when they fit within max_line_length.

... (truncated)

Commits

• a8264dd v1.39.2
• 0a59136 fix mypyc compilation
• 5daa5dd v1.39.1
• 27bae44 fix(linter): avoid false T027 for apostrophes in quoted strings
• 8a9d8f0 Fix Alpine x-data method attribute formatting
• c12d4e1 improve parenthesis tests
• d575507 fix(formatter): preserve Jinja quotes in HTML attributes
• 4129b05 chore(deps): update pre-commit hook types-tqdm to v4.68.0.20260608 (#2074)
• 0730bff Fix indentation after inline trim-marker Jinja blocks
• 338dee3 chore(deps): lock file maintenance (#2073)
• Additional commits viewable in compare view

Updates mypy-boto3-s3 from 1.43.5 to 1.43.31

Release notes

Sourced from mypy-boto3-s3's releases.

8.8.0 - Python 3.8 runtime is back

Changed

• [services] install_requires section is calculated based on dependencies in use, so typing-extensions version is set properly
• [all] Replaced typing imports with collections.abc with a fallback to typing for Python <3.9
• [all] Added aliases for builtins.list, builtins.set, builtins.dict, and builtins.type, so Python 3.8 runtime should work as expected again (reported by @​YHallouard in #340 and @​Omri-Ben-Yair in #336)
• [all] Unions use the same type annotations as the rest of the structures due to proper fallbacks

Fixed

• [services] Universal input/output shapes were not replaced properly in service subresources
• [docs] Simplified doc links rendering for services
• [services] Cleaned up unnecessary imports in client.pyi
• [builder] Import records with fallback are always rendered

Commits

• See full diff in compare view

Updates pytest from 9.0.3 to 9.1.0

Release notes

Sourced from pytest's releases.

9.1.0

pytest 9.1.0 (2026-06-13)

Removals and backward incompatible breaking changes

• #14533: When using --doctest-modules, autouse fixtures with module, package or session scope that are defined inline in Python test modules (not plugins or conftests) will now possibly execute twice.

  If this is undesirable, move the fixture definition to a conftest.py file if possible.

  Technical explanation for those interested: When using --doctest-modules, pytest possibly collects Python modules twice, once as pytest.Module and once as a DoctestModule (depending on the configuration). Due to improvements in pytest's fixture implementation, if e.g. the DoctestModule collects a fixture, it is now visible to it only, and not to the Module. This means that both need to register the fixtures independently.

Deprecations (removal in next major release)

• #10819: Added a deprecation warning for class-scoped fixtures defined as instance methods (without @classmethod). Such fixtures set attributes on a different instance than the test methods use, leading to unexpected behavior. Use @classmethod decorator instead -- by yastcher.

  See 10819 and 14011.

• #12882: Calling request.getfixturevalue() <pytest.FixtureRequest.getfixturevalue> during teardown to request a fixture that was not already requested is now deprecated and will become an error in pytest 10.

  See dynamic-fixture-request-during-teardown for details.

• #13409: Using non-~collections.abc.Collection iterables (such as generators, iterators, or custom iterable objects) for the argvalues parameter in @pytest.mark.parametrize <pytest.mark.parametrize ref> and metafunc.parametrize <pytest.Metafunc.parametrize> is now deprecated.

  These iterables get exhausted after the first iteration, leading to tests getting unexpectedly skipped in cases such as running pytest.main() multiple times, using class-level parametrize decorators, or collecting tests multiple times.

  See parametrize-iterators for details and suggestions.

• #13946: The private config.inicfg attribute is now deprecated. Use config.getini() <pytest.Config.getini> to access configuration values instead.

  See config-inicfg for more details.

• #14004: Passing baseid to ~pytest.FixtureDef or nodeid strings to fixture registration APIs is now deprecated. These are internal pytest APIs that are used by some plugins.

  Use the node parameter instead for fixture scoping. This enables more robust node-based matching instead of string prefix matching. If you've used nodeid=None, pass node=session instead.

  This will be removed in pytest 10.

• #14335: The method of configuring hooks using markers, deprecated since pytest 7.2, is now scheduled to be removed in pytest 10. See hook-markers for more details.

• #14434: The --pastebin option is now deprecated.

... (truncated)

Commits

• b2522cf Prepare release version 9.1.0
• 368d2fc [refactor] Tighten SetComparisonFunction to Iterator[str] (#14587)
• ff77cd8 [refactor] Make base assertion comparisons return an iterator instead of a li...
• 0d8491a build(deps): Bump actions/stale from 10.2.0 to 10.3.0
• 4a809d9 Merge pull request #14568 from pytest-dev/register-fixture
• 5dfa385 Fix recursion traceback test to cover all styles (#14582)
• f52ff0c Add pytest.register_fixture