MAINT: upgrade lock files

[dependabot]

Bumps the lock group with 4 updates: jupyterlab, notebook, ruff and jupyterlab-git.

Updates jupyterlab from 4.5.4 to 4.5.6

Release notes

Sourced from jupyterlab's releases.

v4.5.6

4.5.6

(Full Changelog)

Bugs fixed

• Replace scrollback implementation with scroll anchoring outside of full windowing mode #18522 (@​krassowski)
• Harmonize translation wrappers in Python files to use gettext methods #18597 (@​tmetzl)
• Remove unimplemented filebrowser:search command #18593 (@​krassowski)
• Fix status bar focus outlines #18585 (@​IsabelParedes)
• Fix filebrowser:create-new-file context menu selector #18588 (@​jtpio)
• Fix single-character code blocks rendering as empty #18572 (@​soniya-malviy)
• Hide code input in CodeConsole when configured #18554 (@​agriyakhetarpal)

Maintenance and upkeep improvements

• Update benchmark snapshots even if base snapshots require changes #18549 (@​krassowski)

Contributors to this release

The following people contributed discussions, new ideas, code and documentation contributions, and review. See our definition of contributors.

(GitHub contributors page for this release)

@​agriyakhetarpal (activity) | @​IsabelParedes (activity) | @​jtpio (activity) | @​krassowski (activity) | @​soniya-malviy (activity) | @​tmetzl (activity)

v4.5.5

4.5.5

(Full Changelog)

Bugs fixed

• Fix theme settings broken in non-English locales #18530 (@​apoorvdarshan)
• Fix comms subshell resource management on disposal and when changing settings #18531 (@​krassowski)
• Upgrade @codemirror/view, fixing slow selection when line wrapping is enabled #18479 (@​krassowski)
• Only turn off overflow anchor when windowing is active #18503 (@​jasongrout)
• Fix table of contents navigation for Markdown files #18411 (@​itsmevichu)

Maintenance and upkeep improvements

• Update to marked 17.0.2 and mermaid 11.12.3 #18532 (@​bollwyvl, @​krassowski)

Contributors to this release

... (truncated)

Commits

• e514705 [ci skip] Publish 4.5.6
• a6dda88 Backport PR #18522 on branch 4.5.x (Replace scrollback implementation with sc...
• 4a28719 Backport PR #18597 on branch 4.5.x (Harmonize translation wrappers in Python ...
• 1714c4a Backport PR #18593 on branch 4.5.x (Remove unimplemented filebrowser:search...
• 3624bbe Backport PR #18585 on branch 4.5.x (Fix status bar focus outlines) (#18590)
• bf99d9d Backport PR #18588 on branch 4.5.x (Fix filebrowser:create-new-file context...
• 5b6dee9 Backport PR #18572 on branch 4.5.x (Fix single-character code blocks renderin...
• da80d67 Backport PR #18554 on branch 4.5.x (Hide code input in CodeConsole when c...
• 5267a8c Backport PR #18549 on branch 4.5.x (Update benchmark snapshots even if base s...
• 72d29f4 [ci skip] Publish 4.5.5
• Additional commits viewable in compare view

Updates notebook from 7.5.3 to 7.5.5

Release notes

Sourced from notebook's releases.

v7.5.5

7.5.5

(Full Changelog)

Maintenance and upkeep improvements

• Update to JupyterLab v4.5.6 #7861 (@​jtpio)
• [7.5.x] Drop Python 3.9 on CI #7860 (@​jtpio)
• Fix check links #7857 (@​jtpio)

Contributors to this release

The following people contributed discussions, new ideas, code and documentation contributions, and review. See our definition of contributors.

(GitHub contributors page for this release)

@​jtpio (activity)

v7.5.4

7.5.4

(Full Changelog)

Maintenance and upkeep improvements

• Update to JupyterLab v4.5.5 #7842 (@​jtpio)
• Fix PyO3 CI failure with Python 3.15 #7836 (@​jtpio)

Contributors to this release

The following people contributed discussions, new ideas, code and documentation contributions, and review. See our definition of contributors.

(GitHub contributors page for this release)

@​jtpio (activity)

Changelog

Sourced from notebook's changelog.

7.5.5

(Full Changelog)

Maintenance and upkeep improvements

• Update to JupyterLab v4.5.6 #7861 (@​jtpio)
• [7.5.x] Drop Python 3.9 on CI #7860 (@​jtpio)
• Fix check links #7857 (@​jtpio)

Contributors to this release

The following people contributed discussions, new ideas, code and documentation contributions, and review. See our definition of contributors.

(GitHub contributors page for this release)

@​jtpio (activity)

7.5.4

(Full Changelog)

Maintenance and upkeep improvements

• Update to JupyterLab v4.5.5 #7842 (@​jtpio)
• Fix PyO3 CI failure with Python 3.15 #7836 (@​jtpio)

Contributors to this release

The following people contributed discussions, new ideas, code and documentation contributions, and review. See our definition of contributors.

(GitHub contributors page for this release)

@​jtpio (activity)

Commits

• 9a2c88f Publish 7.5.5
• 4f8438b Update to JupyterLab v4.5.6 (#7861)
• f78fcfa Backport PR #7857: Fix check links (#7858)
• 9e4cf2a [7.5.x] Drop Python 3.9 on CI (#7860)
• ecc3aaf Publish 7.5.4
• e5d8418 Update to JupyterLab v4.5.5 (#7842)
• 6fe4f8e Backport PR #7836: Fix PyO3 CI failure with Python 3.15 (#7837)
• See full diff in compare view

Updates ruff from 0.15.1 to 0.15.8

Release notes

Sourced from ruff's releases.

0.15.8

Release Notes

Released on 2026-03-26.

Preview features

• [ruff] New rule unnecessary-if (RUF050) (#24114)
• [ruff] New rule useless-finally (RUF072) (#24165)
• [ruff] New rule f-string-percent-format (RUF073): warn when using % operator on an f-string (#24162)
• [pyflakes] Recognize frozendict as a builtin for Python 3.15+ (#24100)

Bug fixes

• [flake8-async] Use fully-qualified anyio.lowlevel import in autofix (ASYNC115) (#24166)
• [flake8-bandit] Check tuple arguments for partial paths in S607 (#24080)
• [pyflakes] Skip undefined-name (F821) for conditionally deleted variables (#24088)
• E501/W505/formatter: Exclude nested pragma comments from line width calculation (#24071)
• Fix %foo? parsing in IPython assignment expressions (#24152)
• analyze graph: resolve string imports that reference attributes, not just modules (#24058)

Rule changes

• [eradicate] ignore ty: ignore comments in ERA001 (#24192)
• [flake8-bandit] Treat sys.executable as trusted input in S603 (#24106)
• [flake8-self] Recognize Self annotation and self assignment in SLF001 (#24144)
• [pyflakes] F507: Fix false negative for non-tuple RHS in %-formatting (#24142)
• [refurb] Parenthesize generator arguments in FURB142 fixer (#24200)

Performance

• Speed up diagnostic rendering (#24146)

Server

• Warn when Markdown files are skipped due to preview being disabled (#24150)

Documentation

• Clarify extend-ignore and extend-select settings documentation (#24064)
• Mention AI policy in PR template (#24198)

Other changes

• Use trusted publishing for NPM packages (#24171)

Contributors

• @​bitloi
• @​Sim-hu

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.8

Released on 2026-03-26.

Preview features

• [ruff] New rule unnecessary-if (RUF050) (#24114)
• [ruff] New rule useless-finally (RUF072) (#24165)
• [ruff] New rule f-string-percent-format (RUF073): warn when using % operator on an f-string (#24162)
• [pyflakes] Recognize frozendict as a builtin for Python 3.15+ (#24100)

Bug fixes

• [flake8-async] Use fully-qualified anyio.lowlevel import in autofix (ASYNC115) (#24166)
• [flake8-bandit] Check tuple arguments for partial paths in S607 (#24080)
• [pyflakes] Skip undefined-name (F821) for conditionally deleted variables (#24088)
• E501/W505/formatter: Exclude nested pragma comments from line width calculation (#24071)
• Fix %foo? parsing in IPython assignment expressions (#24152)
• analyze graph: resolve string imports that reference attributes, not just modules (#24058)

Rule changes

• [eradicate] ignore ty: ignore comments in ERA001 (#24192)
• [flake8-bandit] Treat sys.executable as trusted input in S603 (#24106)
• [flake8-self] Recognize Self annotation and self assignment in SLF001 (#24144)
• [pyflakes] F507: Fix false negative for non-tuple RHS in %-formatting (#24142)
• [refurb] Parenthesize generator arguments in FURB142 fixer (#24200)

Performance

• Speed up diagnostic rendering (#24146)

Server

• Warn when Markdown files are skipped due to preview being disabled (#24150)

Documentation

• Clarify extend-ignore and extend-select settings documentation (#24064)
• Mention AI policy in PR template (#24198)

Other changes

• Use trusted publishing for NPM packages (#24171)

Contributors

• @​bitloi
• @​Sim-hu
• @​mvanhorn

... (truncated)

Commits

• c2a8815 Release 0.15.8 (#24217)
• d444d52 [ty] Infer lambda expressions with Callable type context (#22633)
• 9622285 [ty] Autocomplete arguments if in arguments node (#24167)
• d812662 Use the release environment in publish-docs (#24214)
• eda2355 [ty] Show Final source in final assignment diagnostic (#24194)
• 929eb52 [ty] Enforce Final attribute assignment rules for annotated and augmented wri...
• 34998be [ty] Fix typo in comment (#24211)
• 560aca0 [ty] Minor simplifications to some benchmark code (#24209)
• 683bae5 [ty] Track non-terminal-call constraints in global scope (#23245)
• 4704c2a [ty] Remove unnecessary intermediate collection in `StaticClassLiteral::field...
• Additional commits viewable in compare view

Updates jupyterlab-git from 0.51.4 to 0.52.0

Release notes

Sourced from jupyterlab-git's releases.

v0.52.0

0.52.0

(Full Changelog)

Enhancements made

• Add Option to Clear Notebook Outputs Before Commit #1434 (@​Meriem-BenIsmail, @​SylvainCorlay, @​afshin, @​jtpio, @​krassowski)

Contributors to this release

The following people contributed discussions, new ideas, code and documentation contributions, and review. See our definition of contributors.

(GitHub contributors page for this release)

@​afshin (activity) | @​jtpio (activity) | @​krassowski (activity) | @​Meriem-BenIsmail (activity) | @​SylvainCorlay (activity)

Changelog

Sourced from jupyterlab-git's changelog.

0.52.0

(Full Changelog)

Enhancements made

• Add Option to Clear Notebook Outputs Before Commit #1434 (@​Meriem-BenIsmail, @​SylvainCorlay, @​afshin, @​jtpio, @​krassowski)

Contributors to this release

The following people contributed discussions, new ideas, code and documentation contributions, and review. See our definition of contributors.

(GitHub contributors page for this release)

@​afshin (activity) | @​jtpio (activity) | @​krassowski (activity) | @​Meriem-BenIsmail (activity) | @​SylvainCorlay (activity)

Commits

• db77356 Publish 0.52.0
• ed6707c Add Option to Clear Notebook Outputs Before Commit (#1434)
• See full diff in compare view

Bumps the lock group with 2 updates: actions/download-artifact and actions/deploy-pages.

Updates actions/download-artifact from 7 to 8

Release notes

Sourced from actions/download-artifact's releases.

v8.0.0

v8 - What's new

[!IMPORTANT] actions/download-artifact@v8 has been migrated to an ESM module. This should be transparent to the caller but forks might need to make significant changes.

[!IMPORTANT] Hash mismatches will now error by default. Users can override this behavior with a setting change (see below).

Direct downloads

To support direct uploads in actions/upload-artifact, the action will no longer attempt to unzip all downloaded files. Instead, the action checks the Content-Type header ahead of unzipping and skips non-zipped files. Callers wishing to download a zipped file as-is can also set the new skip-decompress parameter to true.

Enforced checks (breaking)

A previous release introduced digest checks on the download. If a download hash didn't match the expected hash from the server, the action would log a warning. Callers can now configure the behavior on mismatch with the digest-mismatch parameter. To be secure by default, we are now defaulting the behavior to error which will fail the workflow run.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

• Don't attempt to un-zip non-zipped downloads by @​danwkennedy in actions/download-artifact#460
• Add a setting to specify what to do on hash mismatch and default it to error by @​danwkennedy in actions/download-artifact#461

Full Changelog: actions/download-artifact@v7...v8.0.0

Commits

• 3e5f45b Add regression tests for CJK characters (#471)
• e6d03f6 Add a regression test for artifact name + content-type mismatches (#472)
• 70fc10c Merge pull request #461 from actions/danwkennedy/digest-mismatch-behavior
• f258da9 Add change docs
• ccc058e Fix linting issues
• bd7976b Add a setting to specify what to do on hash mismatch and default it to error
• ac21fcf Merge pull request #460 from actions/danwkennedy/download-no-unzip
• 15999bf Add note about package bumps
• 974686e Bump the version to v8 and add release notes
• fbe48b1 Update test names to make it clearer what they do
• Additional commits viewable in compare view

Updates actions/deploy-pages from 4 to 5

Release notes

Sourced from actions/deploy-pages's releases.

v5.0.0

Changelog

• Update Node.js version to 24.x @​salmanmkc (#404)
• Add workflow file for publishing releases to immutable action package @​Jcambass (#374)
• Bump braces from 3.0.2 to 3.0.3 in the npm_and_yarn group across 1 directory @​dependabot (#360)
• Make the rebuild dist workflow work nicer with Dependabot @​yoannchaudet (#361)
• Bump the non-breaking-changes group across 1 directory with 3 updates @​dependabot (#358)
• Delete repeated sentence @​garethsb (#359)
• Update README.md @​tsusdere (#348)
• Bump the non-breaking-changes group with 4 updates @​dependabot (#341)
• Remove error message for file permissions @​TooManyBees (#340)

---

See details of all code changes since previous release.

⚠️ For use with products other than GitHub.com, such as GitHub Enterprise Server, please consult the compatibility table.

v4.0.5

Changelog

• On API error, the error message will surface the API request ID @​TooManyBees (#324)
• Bump the non-breaking-changes group with 2 updates @​dependabot (#318)
• Bump the non-breaking-changes group with 1 update @​dependabot (#316)
• Bump the non-breaking-changes group with 3 updates @​dependabot (#314)
• Bump release-drafter/release-drafter from 5.25.0 to 6.0.0 @​dependabot (#311)

---

See details of all code changes since previous release.

⚠️ For use with products other than GitHub.com, such as GitHub Enterprise Server, please consult the compatibility table.

v4.0.4

Changelog

• Update api-client.js @​lmammino (#295)
• fix typo: compatibilty -> compatibility @​SimonSiefke (#298)
• Bump @​actions/artifact from 2.0.1 to 2.1.1 @​dependabot (#310)
• Update Dependabot config to group non-breaking changes @​JamesMGreene (#307)

---

See details of all code changes since previous release.

⚠️ For use with products other than GitHub.com, such as GitHub Enterprise Server, please consult the compatibility table.

v4.0.3

Changelog

... (truncated)

Commits

• cd2ce8f Merge pull request #404 from salmanmkc/node24
• bbe2a95 Update Node.js version to 24.x
• 854d7aa Merge pull request #374 from actions/Jcambass-patch-1
• 306bb81 Add workflow file for publishing releases to immutable action package
• b742728 Merge pull request #360 from actions/dependabot/npm_and_yarn/npm_and_yarn-513...
• 7273294 Bump braces in the npm_and_yarn group across 1 directory
• 963791f Merge pull request #361 from actions/dependabot-friendly
• 51bb29d Make the rebuild dist workflow safer for Dependabot
• 89f3d10 Merge pull request #358 from actions/dependabot/npm_and_yarn/non-breaking-cha...
• bce7355 Merge branch 'main' into dependabot/npm_and_yarn/non-breaking-changes-99c12deb21
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions