chore(deps): bump the python-packages group across 1 directory with 5 updates

[dependabot]

Bumps the python-packages group with 5 updates in the / directory:

Package	From	To
playwright	1.57.0	1.58.0
pygithub	2.8.1	2.9.0
pytest-cov	7.0.0	7.1.0
build	1.3.0	1.4.2
mkdocs-material	9.7.1	9.7.6

Updates playwright from 1.57.0 to 1.58.0

Release notes

Sourced from playwright's releases.

v1.58.0

Trace Viewer Improvements

• New 'system' theme option follows your OS dark/light mode preference
• Search functionality (Cmd/Ctrl+F) is now available in code editors
• Network details panel has been reorganized for better usability
• JSON responses are now automatically formatted for readability

Thanks to @​cpAdm for contributing these improvements!

Miscellaneous

browser_type.connect_over_cdp() now accepts an is_local option. When set to True, it tells Playwright that it runs on the same host as the CDP server, enabling file system optimizations.

Breaking Changes ⚠️

• Removed _react and _vue selectors. See locators guide for alternatives.
• Removed :light selector engine suffix. Use standard CSS selectors instead.
• Option devtools from browser_type.launch() has been removed. Use args=['--auto-open-devtools-for-tabs'] instead.
• Removed macOS 13 support for WebKit. We recommend to upgrade your macOS version, or keep using an older Playwright version.

Browser Versions

• Chromium 145.0.7632.6
• Mozilla Firefox 146.0.1
• WebKit 26.0

This version was also tested against the following stable channels:

• Google Chrome 144
• Microsoft Edge 144

Commits

• 47a5d35 chore: roll to 1.58.0 (#3026)
• d3f5438 chore: throw FileNotFoundError for nonexistant files (#3014)
• 731b539 chore: implement Request.service_worker (#3013)
• See full diff in compare view

Updates pygithub from 2.8.1 to 2.9.0

Release notes

Sourced from pygithub's releases.

v2.9.0

Notable changes

Lazy PyGithub objects

The notion of lazy objects has been added to some PyGithub classes in version 2.6.0. This release now makes all CompletableGithubObjects optionally lazy (if useful). See PyGithub/PyGithub#3403 for a complete list.

In lazy mode, getting a PyGithub object does not send a request to the GitHub API. Only accessing methods and properties sends the necessary requests to the GitHub API:

# Use lazy mode
g = Github(auth=auth, lazy=True)
these method calls do not send requests to the GitHub API
user = g.get_user("PyGithub")    # get the user
repo = user.get_repo("PyGithub") # get the user's repo
pull = repo.get_pull(3403)       # get a known pull request
issue = pull.as_issue()          # turn the pull request into an issue
these method and property calls send requests to Github API
issue.create_reaction("rocket")  # create a reaction
created = repo.created_at        # get property of lazy object repo
once a lazy object has been fetched, all properties are available (no more requests)
licence = repo.license

All PyGithub classes that implement CompletableGithubObject support lazy mode (if useful). This is only useful for classes that have methods creating, changing, or getting objects.

By default, PyGithub objects are not lazy.

PyGithub objects with a paginated property

The GitHub API has the "feature" of paginated properties. Some objects returned by the API have a property that allows for pagination. Fetching subsequent pages of that property means fetching the entire object (with all other properties) and the specified page of the paginated property. Iterating over the paginated property means fetching all other properties multiple times. Fortunately, the allowed size of each page (per_page is usually 300, in contrast to the "usual" per_page maximum of 100).

Objects with paginated properties:

• Commit.files
• Comparison.commits
• EnterpriseConsumedLicenses.users

This PR makes iterating those paginated properties use the configured per_page setting.

It further allows to specify an individual per_page when either retrieving such objects, or fetching paginated properties.

See Classes with paginated properties for details.

Drop Python 3.8 support due to End-of-Life

Python 3.8 reached its end-of-life September 6, 2024. Support has been removed with this release.

... (truncated)

Changelog

Sourced from pygithub's changelog.

Version 2.9.0 (March 22, 2026)

Notable changes ^^^^^^^^^^^^^^^

Lazy PyGithub objects """""""""""""""""""""

The notion of lazy objects has been added to some PyGithub classes in version 2.6.0. This release now makes all CompletableGithubObject\s optionally lazy (if useful). See [#3403](https://github.com/pygithub/pygithub/issues/3403) <https://github.com/PyGithub/PyGithub/pull/3403>_ for a complete list.

In lazy mode, getting a PyGithub object does not send a request to the GitHub API. Only accessing methods and properties sends the necessary requests to the GitHub API:

.. code-block:: python

# Use lazy mode
g = Github(auth=auth, lazy=True)
these method calls do not send requests to the GitHub API
user = g.get_user("PyGithub")    # get the user
repo = user.get_repo("PyGithub") # get the user's repo
pull = repo.get_pull(3403)       # get a known pull request
issue = pull.as_issue()          # turn the pull request into an issue
these method and property calls send requests to Github API
issue.create_reaction("rocket")  # create a reaction
created = repo.created_at        # get property of lazy object repo
once a lazy object has been fetched, all properties are available (no more requests)
licence = repo.license

All PyGithub classes that implement CompletableGithubObject support lazy mode (if useful). This is only useful for classes that have methods creating, changing, or getting objects.

By default, PyGithub objects are not lazy.

PyGithub objects with a paginated property """"""""""""""""""""""""""""""""""""""""""

The GitHub API has the "feature" of paginated properties. Some objects returned by the API have a property that allows for pagination. Fetching subsequent pages of that property means fetching the entire object (with all other properties) and the specified page of the paginated property. Iterating over the paginated property means fetching all other properties multiple times. Fortunately, the allowed size of each page (per_page is usually 300, in contrast to the "usual" per_page maximum of 100).

Objects with paginated properties:

... (truncated)

Commits

• 3a17ecf Release 2.9.0 (#3465)
• b1a9b7e Consider per-page settings when iterating paginated properties (#3377)
• 24305f6 Update test key pair (#3453)
• f2540db Deprecate Reaction.delete (#3435)
• 19e1c50 Add throw option to Workflow.create_dispatch to raise exceptions (#2966)
• 6461909 Add Secret Scanning Alerts and Improve Code Scan Alerts (#3307)
• 95648db Add Python 3.14 to CI and tox (#3429)
• 3716bab Use GET url or _links.self as object url (#3421)
• 61dcf49 Allow for enterprise base url prefixed with api. (#3419)
• ae23d60 Restrict PyPi release workflow permissions (#3418)
• Additional commits viewable in compare view

Updates pytest-cov from 7.0.0 to 7.1.0

Changelog

Sourced from pytest-cov's changelog.

7.1.0 (2026-03-21)

• Fixed total coverage computation to always be consistent, regardless of reporting settings. Previously some reports could produce different total counts, and consequently can make --cov-fail-under behave different depending on reporting options. See [#641](https://github.com/pytest-dev/pytest-cov/issues/641) <https://github.com/pytest-dev/pytest-cov/issues/641>_.

• Improve handling of ResourceWarning from sqlite3.

  The plugin adds warning filter for sqlite3 ResourceWarning unclosed database (since 6.2.0). It checks if there is already existing plugin for this message by comparing filter regular expression. When filter is specified on command line the message is escaped and does not match an expected message. A check for an escaped regular expression is added to handle this case.

  With this fix one can suppress ResourceWarning from sqlite3 from command line::

  pytest -W "ignore:unclosed database in <sqlite3.Connection object at:ResourceWarning" ...

• Various improvements to documentation. Contributed by Art Pelling in [#718](https://github.com/pytest-dev/pytest-cov/issues/718) <https://github.com/pytest-dev/pytest-cov/pull/718>_ and "vivodi" in [#738](https://github.com/pytest-dev/pytest-cov/issues/738) <https://github.com/pytest-dev/pytest-cov/pull/738>. Also closed [#736](https://github.com/pytest-dev/pytest-cov/issues/736) <https://github.com/pytest-dev/pytest-cov/issues/736>.

• Fixed some assertions in tests. Contributed by in Markéta Machová in [#722](https://github.com/pytest-dev/pytest-cov/issues/722) <https://github.com/pytest-dev/pytest-cov/pull/722>_.

• Removed unnecessary coverage configuration copying (meant as a backup because reporting commands had configuration side-effects before coverage 5.0).

Commits

• 66c8a52 Bump version: 7.0.0 → 7.1.0
• f707662 Make the examples use pypy 3.11.
• 6049a78 Make context test use the old ctracer (seems the new sysmon tracer behaves di...
• 8ebf20b Update changelog.
• 861d30e Remove the backup context manager - shouldn't be needed since coverage 5.0, ...
• fd4c956 Pass the precision on the nulled total (seems that there's some caching goion...
• 78c9c4e Only run the 3.9 on older deps.
• 4849a92 Punctuation.
• 197c35e Update changelog and hopefully I don't forget to publish release again :))
• 14dc1c9 Update examples to use 3.11 and make the adhoc layout example look a bit more...
• Additional commits viewable in compare view

Updates build from 1.3.0 to 1.4.2

Release notes

Sourced from build's releases.

1.4.2

What's Changed

• fix(uv): always pass the python to use by @​henryiii in pypa/build#996
• 🐛 fix(release): detect pre-commit environment inconsistencies by @​gaborbernat in pypa/build#1001
• 🔧 fix(towncrier): match docstrfmt RST formatting expectations by @​gaborbernat in pypa/build#1002
• Fix _has_valid_outer_pip when pip is missing by @​notatallshaw in pypa/build#1003
• fix: release changelog issue by @​henryiii in pypa/build#1006

New Contributors

• @​notatallshaw made their first contribution in pypa/build#1003

Full Changelog: pypa/build@1.4.1...1.4.2

1.4.1

What's Changed

• Fix documentation grammar and typos by @​DimitriPapadopoulos in pypa/build#979
• Allow setting build constraints by @​layday in pypa/build#963
• fix: pip hack workaround by @​henryiii in pypa/build#980
• 📚 docs: reorganize using Diataxis framework by @​gaborbernat in pypa/build#988
• ✨ feat(ci): automate releases and harden workflows by @​gaborbernat in pypa/build#991
• chore: avoid template injection zizmor issue by @​henryiii in pypa/build#994
• chore: fix PR template by @​henryiii in pypa/build#995
• chore: fix fix job by @​henryiii in pypa/build#997
• 🐛 fix(ci): resolve pre-release auth failure and change detection by @​gaborbernat in pypa/build#999
• 🐛 fix(deps): add pre-commit to release dependency group by @​gaborbernat in pypa/build#1000

Full Changelog: pypa/build@1.4.0...1.4.1

1.4.0

• Add --quiet flag (PR #947)
• Add option to dump PEP 517 metadata with --metadata (PR #940, PR #943)
• Support UV environment variable (PR #971)
• Remove a workaround for 3.14b1 (PR #960)
• In 3.14 final release, color defaults to True already (PR #962)
• Pass sp-repo-review (PR #942)
• In pytest configuration, log_level is better than log_cli_level (PR #950)
• Split up typing and mypy (PR #944)
• Use types-colorama (PR #945)
• In docs, first argument for _has_dependency is a name (PR #970)
• Fix test failure when flit-core is installed (PR #921)

Changelog

Sourced from build's changelog.

#################### 1.4.2 (2026-03-25) ####################

---

Bugfixes

---

• Ensure the uv installer uses the current version of Python, avoiding an issue if UV_PYTHON is set, for example. (:issue:977)
• Fix _has_valid_outer_pip returning True when pip is missing, causing build to try using a non-existent pip instead of falling back to virtualenv. (:issue:1003)

#################### 1.4.1 (2026-03-24) ####################

---

Features

---

• Allow setting build constraints - by :user:gaborbernat (:issue:963)
• Automate releases with pre-release workflow and trusted publishing - by :user:gaborbernat (:issue:991)

---

Documentation

---

• Fix documentation grammar and typos (:issue:979)
• Reorganize documentation using Diataxis framework - by :user:gaborbernat (:issue:988)
• Document release process and workflow security practices in contributing guide (:issue:991)

---

Miscellaneous

---

• :issue:991

---

Bugfixes

---

• Fix pip hack workaround - by :user:gaborbernat (:issue:980)

#################### 1.4.0 (2026-01-08) ####################

• Add --quiet flag (:pr:947)
• Add option to dump PEP 517 metadata with --metadata (:pr:940, :pr:943)

... (truncated)

Commits

• 7b7ae07 chore: prepare for 1.4.2
• 17f3b57 fix: release changelog issue (#1006)
• b945752 fix: _has_valid_outer_pip when pip is missing (#1003)
• 74ae997 🔧 fix(towncrier): match docstrfmt RST formatting expectations (#1002)
• 3786929 🐛 fix(release): detect pre-commit environment inconsistencies (#1001)
• 737bdb7 fix(uv): always pass the python to use (#996)
• bd88956 chore: prepare for 1.4.1
• 062e7e2 🐛 fix(deps): add pre-commit to release dependency group (#1000)
• 3d8e260 🐛 fix(ci): resolve pre-release auth failure and change detection (#999)
• f2a2610 chore: fix fix job (#997)
• Additional commits viewable in compare view

Updates mkdocs-material from 9.7.1 to 9.7.6

Release notes

Sourced from mkdocs-material's releases.

mkdocs-material-9.7.6

[!WARNING]

Material for MkDocs is in maintenance mode

Going forward, the Material for MkDocs team focuses on Zensical, a next-gen static site generator built from first principles. We will provide critical bug fixes and security updates for Material for MkDocs until November 2026.

Read the full announcement on our blog

Changes

• Automatically disable MkDocs 2.0 warning for forks of MkDocs

mkdocs-material-9.7.5

[!WARNING]

Material for MkDocs is in maintenance mode

Going forward, the Material for MkDocs team focuses on Zensical, a next-gen static site generator built from first principles. We will provide critical bug fixes and security updates for Material for MkDocs until November 2026.

Read the full announcement on our blog

Changes

• Limited version range of mkdocs to <2
• Updated MkDocs 2.0 incompatibility warning (clarify relation with MkDocs)

mkdocs-material-9.7.4

[!WARNING]

Material for MkDocs is in maintenance mode

Going forward, the Material for MkDocs team focuses on Zensical, a next-gen static site generator built from first principles. We will provide critical bug fixes and security updates for Material for MkDocs until November 2026.

Read the full announcement on our blog

Changes

• Hardened social cards plugin by switching to sandboxed environment (recommended by @​caveeroo)
• Updated MkDocs 2.0 incompatibility warning

... (truncated)

Changelog

Sourced from mkdocs-material's changelog.

mkdocs-material-9.7.6 (2026-03-19)

• Automatically disable MkDocs 2.0 warning for forks of MkDocs

mkdocs-material-9.7.5 (2026-03-10)

• Limited version range of mkdocs to <2
• Updated MkDocs 2.0 incompatibility warning (clarify relation with MkDocs)

mkdocs-material-9.7.4 (2026-03-03)

• Hardened social cards plugin by switching to sandboxed environment
• Updated MkDocs 2.0 incompatibility warning

mkdocs-material-9.7.3 (2026-02-24)

• Fixed #8567: Print MkDocs 2.0 incompatibility warning to stderr

mkdocs-material-9.7.2 (2026-02-18)

• Opened up version ranges of optional dependencies for forward-compatibility
• Added warning to 'mkdocs build' about impending MkDocs 2.0 incompatibility

mkdocs-material-9.7.1 (2025-12-18)

• Updated requests to 2.30+ to mitigate CVE in urllib
• Fixed privacy plugin not picking up protocol-relative URLs
• Fixed #8542: false positives and negatives captured in privacy plugin

mkdocs-material-9.7.0 (2025-11-11)

⚠️ Material for MkDocs is now in maintenance mode

This is the last release of Material for MkDocs that will receive new features. Going forward, the Material for MkDocs team focuses on Zensical, a next-gen static site generator built from first principles. We will provide critical bug fixes and security updates for Material for MkDocs for 12 months at least.

Read the full announcement on our blog: https://squidfunk.github.io/mkdocs-material/blog/2025/11/05/zensical/

This release includes all features that were previously exclusive to the Insiders edition. These features are now freely available to everyone.

Note on deprecated plugins: The projects and typeset plugins are included in this release, but must be considered deprecated. Both plugins proved unsustainable to maintain and represent architectural dead ends. They are provided as-is without ongoing support.

Changes:

... (truncated)

Commits

• 6c52ed6 Prepare 9.7.6 release
• 51d9b76 Automatically disable MkDocs 2.0 warning for forks of MkDocs
• 6f9a48b Updated links
• 00b9933 Prepare 9.7.5 release
• 37683d1 Updated blog post on MkDocs 2.0
• 199e315 Updated warning message to clarify relation to MkDocs
• 1025833 Limited version range of mkdocs to <2
• 1532f52 Added update log to blog post
• d0c8b28 Updated dependencies to fix vulnerabilities
• 71d4869 Updated blog post on MkDocs 2.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions