Skip to content

build(deps)(deps-dev): Bump the development-dependencies group across 1 directory with 6 updates#743

Closed
dependabot[bot] wants to merge 2 commits into
devfrom
dependabot/pip/dev/development-dependencies-8e2d0c83c7
Closed

build(deps)(deps-dev): Bump the development-dependencies group across 1 directory with 6 updates#743
dependabot[bot] wants to merge 2 commits into
devfrom
dependabot/pip/dev/development-dependencies-8e2d0c83c7

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Feb 23, 2026
edited
Loading

Bumps the development-dependencies group with 5 updates in the / directory:

Package From To
coverage 7.13.1 7.13.4
black 25.12.0 26.1.0
isort 7.0.0 8.0.0
tox 4.34.1 4.44.0
bandit 1.9.2 1.9.3

Updates coverage from 7.13.1 to 7.13.4

Changelog

Sourced from coverage's changelog.

Version 7.13.4 — 2026-02-09

  • Fix: the third-party code fix in 7.13.3 required examining the parent directories where coverage was run. In the unusual situation that one of the parent directories is unreadable, a PermissionError would occur, as described in issue 2129_. This is now fixed.

  • Fix: in test suites that change sys.path, coverage.py could fail with "RuntimeError: Set changed size during iteration" as described and fixed in pull 2130_. Thanks, Noah Fatsi.

  • We now publish ppc64le wheels, thanks to Pankhudi Jain <pull 2121_>_.

.. _pull 2121: coveragepy/coveragepy#2121 .. _issue 2129: coveragepy/coveragepy#2129 .. _pull 2130: coveragepy/coveragepy#2130

.. _changes_7-13-3:

Version 7.13.3 — 2026-02-03

  • Fix: in some situations, third-party code was measured when it shouldn't have been, slowing down test execution. This happened with layered virtual environments such as uv sometimes makes. The problem is fixed, closing issue 2082_. Now any directory on sys.path that is inside a virtualenv is considered third-party code.

.. _issue 2082: coveragepy/coveragepy#2082

.. _changes_7-13-2:

Version 7.13.2 — 2026-01-25

  • Fix: when Python is installed via symlinks, for example with Homebrew, the standard library files could be incorrectly included in coverage reports. This is now fixed, closing issue 2115_.

  • Fix: if a data file is created with no read permissions, the combine step would fail completely. Now a warning is issued and the file is skipped. Closes issue 2117_.

.. _issue 2115: coveragepy/coveragepy#2115 .. _issue 2117: coveragepy/coveragepy#2117

... (truncated)

Commits

Updates black from 25.12.0 to 26.1.0

Release notes

Sourced from black's releases.

26.1.0

Highlights

Introduces the 2026 stable style (#4892), stabilizing the following changes:

  • always_one_newline_after_import: Always force one blank line after import statements, except when the line after the import is a comment or an import statement (#4489)
  • fix_fmt_skip_in_one_liners: Fix # fmt: skip behavior on one-liner declarations, such as def foo(): return "mock" # fmt: skip, where previously the declaration would have been incorrectly collapsed (#4800)
  • fix_module_docstring_detection: Fix module docstrings being treated as normal strings if preceded by comments (#4764)
  • fix_type_expansion_split: Fix type expansions split in generic functions (#4777)
  • multiline_string_handling: Make expressions involving multiline strings more compact (#1879)
  • normalize_cr_newlines: Add \r style newlines to the potential newlines to normalize file newlines both from and to (#4710)
  • remove_parens_around_except_types: Remove parentheses around multiple exception types in except and except* without as (#4720)
  • remove_parens_from_assignment_lhs: Remove unnecessary parentheses from the left-hand side of assignments while preserving magic trailing commas and intentional multiline formatting (#4865)
  • standardize_type_comments: Format type comments which have zero or more spaces between # and type: or between type: and value to # type: (value) (#4645)

The following change was not in any previous stable release:

  • Regenerated the _width_table.py and added tests for the Khmer language (#4253)

This release alo bumps pathspec to v1 and fixes inconsistencies with Git's .gitignore logic (#4958). Now, files will be ignored if a pattern matches them, even if the parent directory is directly unignored. For example, Black would previously format exclude/not_this/foo.py with this .gitignore:

exclude/
!exclude/not_this/

Now, exclude/not_this/foo.py will remain ignored. To ensure exclude/not_this/ and all of it's children are included in formatting (and in Git), use this .gitignore:

*/exclude/*
!*/exclude/not_this/

This new behavior matches Git. The leading */ are only necessary if you wish to ignore matching subdirectories (like the previous behavior did), and not just matching root

... (truncated)

Changelog

Sourced from black's changelog.

26.1.0

Highlights

Introduces the 2026 stable style (#4892), stabilizing the following changes:

  • always_one_newline_after_import: Always force one blank line after import statements, except when the line after the import is a comment or an import statement (#4489)
  • fix_fmt_skip_in_one_liners: Fix # fmt: skip behavior on one-liner declarations, such as def foo(): return "mock" # fmt: skip, where previously the declaration would have been incorrectly collapsed (#4800)
  • fix_module_docstring_detection: Fix module docstrings being treated as normal strings if preceded by comments (#4764)
  • fix_type_expansion_split: Fix type expansions split in generic functions (#4777)
  • multiline_string_handling: Make expressions involving multiline strings more compact (#1879)
  • normalize_cr_newlines: Add \r style newlines to the potential newlines to normalize file newlines both from and to (#4710)
  • remove_parens_around_except_types: Remove parentheses around multiple exception types in except and except* without as (#4720)
  • remove_parens_from_assignment_lhs: Remove unnecessary parentheses from the left-hand side of assignments while preserving magic trailing commas and intentional multiline formatting (#4865)
  • standardize_type_comments: Format type comments which have zero or more spaces between # and type: or between type: and value to # type: (value) (#4645)

The following change was not in any previous stable release:

  • Regenerated the _width_table.py and added tests for the Khmer language (#4253)

This release alo bumps pathspec to v1 and fixes inconsistencies with Git's .gitignore logic (#4958). Now, files will be ignored if a pattern matches them, even if the parent directory is directly unignored. For example, Black would previously format exclude/not_this/foo.py with this .gitignore:

exclude/
!exclude/not_this/

Now, exclude/not_this/foo.py will remain ignored. To ensure exclude/not_this/ and all of it's children are included in formatting (and in Git), use this .gitignore:

*/exclude/*
!*/exclude/not_this/

This new behavior matches Git. The leading */ are only necessary if you wish to ignore

... (truncated)

Commits

Updates isort from 7.0.0 to 8.0.0

Release notes

Sourced from isort's releases.

8.0.0

Changes

🚀 Features

👷 Continuous Integration

📦 Dependencies

Changelog

Sourced from isort's changelog.

8.0.0 February 19 2026

  • Removed --old-finders and --magic-placement flags and old_finders configuration option. The legacy finder logic that relied on environment introspection has been removed (#2445) @​joao-faria-dev
  • Update the plone profile to not clash with black (#2456) @​ale-rt

6.1.0 October 1 2025

6.0.1 Febuary 26 2025

6.0.0 January 27 2025

5.13.2 December 13 2023

5.13.1 December 11 2023

5.13.0 December 9 2023

... (truncated)

Commits
  • 3459bde Merge pull request #2460 from PyCQA/DanielNoord-patch-1
  • 6e70bb6 Update CHANGELOG for version 8.0.0
  • b0f2dab Merge pull request #2458 from skv0zsneg/issue/1882
  • 313797b Fix lint.
  • 7d3a6f5 Add ignore for cyclomatic complexity check.
  • 6b9f895 Remove debug prints.
  • 45f2497 Add tests for edge case future imports handler.
  • fe57bfd Add edge case future imports handler.
  • e8c127b Merge pull request #2457 from ale-rt/ale/2456/fix-plone-profile
  • 293c201 Fix the Plone profile to be compatible with black
  • Additional commits viewable in compare view

Updates tox from 4.34.1 to 4.44.0

Release notes

Sourced from tox's releases.

v4.44.0

What's Changed

Full Changelog: tox-dev/tox@4.43.0...4.44.0

v4.43.0

What's Changed

Full Changelog: tox-dev/tox@4.42.0...4.43.0

v4.42.0

What's Changed

Full Changelog: tox-dev/tox@4.41.0...4.42.0

v4.41.0

... (truncated)

Changelog

Sourced from tox's changelog.

Features - 4.44.0

  • Support PEP 751 pylock.toml lock files as dependency input via the pylock configuration option (mutually exclusive with deps). Packages are filtered by extras, dependency groups, and platform markers evaluated against the target Python interpreter, then installed via pip with --no-deps - by :user:gaborbernat. (:issue:3665)

Bug fixes - 4.44.0

  • Fix unfactored continuation lines (e.g. pytest \, --remote-data \) being incorrectly skipped when they follow a filtered factor-conditional line ending with \ -- the pending_skip flag now only drops terminal continuation pieces, preserving shared arguments that are themselves continuations - by :user:gaborbernat. (:issue:3802)

v4.43.0 (2026-02-20)

Features - 4.43.0

  • Add TOML-native generative env_list via product dict syntax -- Cartesian product of factor groups with optional range dicts and exclusions - by :user:gaborbernat. (:issue:3797)

Bug fixes - 4.43.0

  • Pass config_settings_build_wheel to pip as --config-settings when installing sdist packages, ensuring the build backend receives config settings during pip's internal wheel build - by :user:gaborbernat. (:issue:3125)
  • Fix factor-conditional continuation lines (e.g. cov: coverage run \ / !cov: python \ / somefile.py) where different factor prefixes on consecutive continuation lines caused prefixes to be passed as literal command arguments instead of being filtered - by :user:gaborbernat. (:issue:3796)

Improved documentation - 4.43.0

  • Integrate sphinxcontrib-towncrier to render draft changelog entries directly in Sphinx, replacing the manual towncrier draft script - by :user:gaborbernat. (:issue:3201)

v4.42.0 (2026-02-20)

Features - 4.42.0

  • Platform-dependent commands can now be specified using factor syntax without requiring the platform name in the environment name. The current platform (sys.platform value like linux, darwin, win32) is automatically available as an implicit factor, allowing configurations like linux: pytest in INI or factor.linux in TOML conditional expressions to work in any environment. Additionally, TOML configurations can now use factor.NAME in

... (truncated)

Commits
  • 901aa7b release 4.44.0
  • 7b601a7 ✨ feat(config): add PEP 751 pylock.toml support (#3803)
  • f6a9847 🐛 fix(config): keep unfactored continuation lines after filtered factors (#38...
  • f4855f3 release 4.43.0
  • 8517abc 🐛 fix(pip): pass config_settings to pip for sdist install (#3800)
  • 413b963 🐛 fix(config): restore factor conditional continuations (#3799)
  • b11c645 ✨ feat(toml): add generative env_list via product dict (#3797)
  • 0f4da83 📝 docs(infra): integrate sphinxcontrib-towncrier (#3798)
  • 09b4f60 release 4.42.0
  • c80c62f ✨ feat(env): add virtualenv_spec for per-env version pinning (#3794)
  • Additional commits viewable in compare view

Updates pylint from 4.0.4 to 4.0.5

Commits
  • 88e1ab7 Bump pylint to 4.0.5, update changelog (#10860)
  • d96d489 [Backport maintenance/4.0.x] Relax isort version constraint to allow isort 8 ...
  • 0b08ccb Fix dynamic color mapping for "fail-on" messages when using multiple reporter...
  • 154dba4 [Backport maintenance/4.0.x] Fix FP for invalid-name with typing.Final on...
  • 7b73bfd Disable unspecified-encoding for py-version above Python 3.15 (#10800)
  • 4cc98be [Backport maintenance/4.0.x] Fix setting options for import order checker (#1...
  • f0d30a2 Sync astroid version with requirements file again
  • 38bdf02 [Backport maintenance/4.0.x] Fix logging-unsupported-format when logging ...
  • f08c33a [Backport maintenance/4.0.x] Properly detect self.fail() as a terminating...
  • See full diff in compare view

Updates bandit from 1.9.2 to 1.9.3

Release notes

Sourced from bandit's releases.

1.9.3

What's Changed

New Contributors

Full Changelog: PyCQA/bandit@1.9.2...1.9.3

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
build(deps)(deps-dev): Bump the development-dependencies group across…
301d889 
… 1 directory with 6 updates

Bumps the development-dependencies group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [coverage](https://github.com/coveragepy/coveragepy) | `7.13.1` | `7.13.4` |
| [black](https://github.com/psf/black) | `25.12.0` | `26.1.0` |
| [isort](https://github.com/PyCQA/isort) | `7.0.0` | `8.0.0` |
| [tox](https://github.com/tox-dev/tox) | `4.34.1` | `4.44.0` |
| [bandit](https://github.com/PyCQA/bandit) | `1.9.2` | `1.9.3` |



Updates `coverage` from 7.13.1 to 7.13.4
- [Release notes](https://github.com/coveragepy/coveragepy/releases)
- [Changelog](https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst)
- [Commits](coveragepy/coveragepy@7.13.1...7.13.4)

Updates `black` from 25.12.0 to 26.1.0
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](psf/black@25.12.0...26.1.0)

Updates `isort` from 7.0.0 to 8.0.0
- [Release notes](https://github.com/PyCQA/isort/releases)
- [Changelog](https://github.com/PyCQA/isort/blob/main/CHANGELOG.md)
- [Commits](PyCQA/isort@7.0.0...8.0.0)

Updates `tox` from 4.34.1 to 4.44.0
- [Release notes](https://github.com/tox-dev/tox/releases)
- [Changelog](https://github.com/tox-dev/tox/blob/main/docs/changelog.rst)
- [Commits](tox-dev/tox@4.34.1...4.44.0)

Updates `pylint` from 4.0.4 to 4.0.5
- [Release notes](https://github.com/pylint-dev/pylint/releases)
- [Commits](pylint-dev/pylint@v4.0.4...v4.0.5)

Updates `bandit` from 1.9.2 to 1.9.3
- [Release notes](https://github.com/PyCQA/bandit/releases)
- [Commits](PyCQA/bandit@1.9.2...1.9.3)

---
updated-dependencies:
- dependency-name: coverage
  dependency-version: 7.13.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: development-dependencies
- dependency-name: black
  dependency-version: 26.1.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: development-dependencies
- dependency-name: isort
  dependency-version: 8.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: development-dependencies
- dependency-name: tox
  dependency-version: 4.44.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: development-dependencies
- dependency-name: pylint
  dependency-version: 4.0.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: development-dependencies
- dependency-name: bandit
  dependency-version: 1.9.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: development-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot requested a review from vanvianen as a code owner February 23, 2026 08:12
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Feb 23, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Feb 23, 2026

✅ Code has been automatically formatted with Black and isort.

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Mar 23, 2026

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Mar 23, 2026
@dependabot dependabot Bot deleted the dependabot/pip/dev/development-dependencies-8e2d0c83c7 branch March 23, 2026 08:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vanvianen vanvianen Awaiting requested review from vanvianen vanvianen is a code owner

Assignees

@vanvianen vanvianen

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code size/l

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@vanvianen