build(deps): consolidated dependabot updates (2026-05-27)

[ibutterbot]

Consolidated Dependabot Updates

Updates poetry.lock only — pyproject.toml constraints are unchanged (>= ranges already cover these versions).

Package	From	To
pytest-rerunfailures	16.1	16.2
ruff	0.15.0	0.15.13
boto3	1.42.45	1.43.11
lxml	6.0.2	6.1.1
types-pyyaml	6.0.12.20250915	6.0.12.20260518
types-aiofiles	25.1.0.20251011	25.1.0.20260518
chialisp	0.4.1	0.4.5
aiohttp	3.13.3	3.13.5

Consolidates: #20952, #20951, #20950, #20949, #20948, #20947, #20919, #20796

#20944 (codeql-action) already resolved — main uses @v4 tag.

---

Generated by dependabot-consolidator

---

Note

Low Risk
Lockfile-only dependency resolution with no code changes; slightly higher watch on chialisp and boto3 patch bumps due to compiler and AWS client usage.

Overview
This PR only updates poetry.lock; pyproject.toml version constraints are unchanged, so Poetry picks newer releases already allowed by existing >= ranges.

Runtime / main group: aiohttp 3.13.4→3.13.5, boto3 1.43.8→1.43.11 (with matching botocore floor), and chialisp 0.4.1→0.4.5 (lock metadata also drops the prior package description string). chialisp is the main functional dependency bump for reviewers—compiler/WASM tooling used in production paths, not just CI.

Dev / optional extras: lxml 6.1.0→6.1.1, ruff 0.15.8→0.15.13, pytest-rerunfailures 16.1→16.2 (pytest peer bound now >=8.1), plus stub refreshes for types-aiofiles and types-pyyaml.

No application source changes; impact is whatever these upstream patch/minor releases introduce at install time.

^{Reviewed by Cursor Bugbot for commit 8d9c9ae. Bugbot is set up for automated code reviews on this repo. Configure here.}

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	pypi/​pytest-rerunfailures@​16.1 ⏵ 16.2	+1
	pypi/​boto3@​1.43.8 ⏵ 1.43.11
	pypi/​ruff@​0.15.8 ⏵ 0.15.13	+1

View full report

[socket-security]

All alerts resolved. Learn more about Socket for GitHub.

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

View full report

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit a0e1c54. Configure here.}

[coveralls-official]

Coverage Report for CI Build 26524461080

Warning

Build has drifted: This PR's base is out of sync with its target branch, so coverage data may include unrelated changes.
Quick fix: rebase this PR. Learn more →

Coverage remained the same at 91.488%

Details

• Coverage remained the same as the base build.
• Patch coverage: No coverable lines changed in this PR.
• 31 coverage regressions across 6 files.

Uncovered Changes

No uncovered changes found.

Coverage Regressions

31 previously-covered lines in 6 files lost coverage.

File	Lines Losing Coverage	Coverage
chia/_tests/core/util/test_lockfile.py	21	77.42%
chia/simulator/setup_services.py	3	96.3%
chia/data_layer/data_layer.py	2	85.68%
chia/full_node/full_node.py	2	88.41%
chia/timelord/timelord_launcher.py	2	70.21%
chia/_tests/simulation/test_simulation.py	1	96.5%

---

Coverage Stats

Relevant Lines:	122088
Covered Lines:	111870
Line Coverage:	91.63%
Relevant Branches:	12045
Covered Branches:	10846
Branch Coverage:	90.05%
Branches in Coverage %:	Yes
Coverage Strength:	1.83 hits per line

---

💛 - Coveralls