Skip to content

Bump the uv group across 1 directory with 6 updates#79

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/uv-1dfa713f8d
Open

Bump the uv group across 1 directory with 6 updates#79
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/uv-1dfa713f8d

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 17, 2026

Copy link
Copy Markdown
Contributor

Bumps the uv group with 6 updates in the / directory:

Package From To
tqdm 4.67.3 4.68.3
pysentry-rs 0.4.5 0.4.6
pytest 9.0.3 9.1.0
ruff 0.15.14 0.15.17
ty 0.0.40 0.0.49
mkdocstrings-python 2.0.3 2.0.4

Updates tqdm from 4.67.3 to 4.68.3

Release notes

Sourced from tqdm's releases.

tqdm v4.68.3 stable

  • utils: delay os.get_terminal_size (#1763 <- #1760)
  • autonotebook: support QtConsole, Spyder, JupyterLite (#1763, #1628, #1559 <- #1283, #1098, #512)
  • minor docs updates
    • fix typo (#1762)
    • use git-fame
  • misc minor framework updates
    • fix & update CI build
    • pre-commit: add docs & metadata generation
    • move tox.ini -> pyproject.toml, move tox-gh-actions -> tox-gh
    • add Python 3.14, drop 3.7 support

tqdm v4.68.2 stable

  • revert accidental change to ascii default (fixes #1760)
    • UnicodeEncodeError: 'charmap' codec can't encode characters in position 6-7: character maps to <undefined> can be fixed by installing tqdm!=4.68.0,!=4.68.1
  • misc docs updates
    • fix links
    • replace stray rst -> md syntax
    • consistent "progress bar" terminology (#1737)
  • tests: fix coverage (fixes #1760)

tqdm v4.68.1 stable

tqdm v4.68.0 stable

  • utils: simplify terminal size detection (#1760)
  • contrib
    • itertools (#1760)
      • add chain, permutations, combinations, combinations_with_replacement, batched
      • add product(repeat=1) keyword argument (#1428)
    • fix discord, telegram error handling
    • fix discord, slack, telegram format for total=None
  • soft-deprecate tqdm.utils.envwrap -> envwrap
  • benchmarks: fix asv
  • misc linting
  • misc framework updates
    • CI: migrate manual job to pre-commit.ci
    • bump workflow actions & pre-commit hooks
Commits
  • 9aff609 bump version, merge pull request #1763 from tqdm/jupyterlite
  • 9872f80 drop date from snap version str to fix pydantic
  • b829334 support QtConsole, Spyder, JupyterLite
  • 6fa4867 delay os.get_terminal_size
  • 748e107 lint
  • e6e29eb move tox.ini -> pyproject.toml
  • 617e4fa tox-gh-actions -> tox-gh
  • c49c50d add python 3.14, drop python 3.7 support
  • fa2bcdb pre-commit: tqdm.1
  • 1ec7988 auto git-fame
  • Additional commits viewable in compare view

Updates pysentry-rs from 0.4.5 to 0.4.6

Release notes

Sourced from pysentry-rs's releases.

v0.4.6

✨ New Features

Audit a Single Dependency Group (--group)

The new --group flag scopes an audit to specific dependency groups instead of the whole dependency tree. It is supported for uv (uv.lock), Poetry (poetry.lock), and PEP 751 (pylock.toml) projects. PySentry audits your main dependencies ([project].dependencies / [tool.poetry.dependencies]) plus the selected group(s) and their transitive closure, leaving the rest out:

# Audit main dependencies + the "dev" group only
pysentry-rs --group dev
Multiple groups (repeatable or comma-separated)
pysentry-rs --group dev --group docs
pysentry-rs --group dev,docs

Group names are read from any of the standard locations:

  • PEP 735 [dependency-groups] (with include-group recursion)
  • PEP 621 [project.optional-dependencies]
  • Poetry [tool.poetry.group.*]

Names are matched using PEP 735 normalization, so --group typing-test matches a declared typing_test. An unknown name fails with the list of available groups.

--group requires a lock file. Group filtering relies on a group-aware lock file — uv.lock, poetry.lock, or pylock.toml (including named pylock.<name>.toml variants) — alongside your pyproject.toml. On a project without one, PySentry fails fast with a clear error instead of silently auditing the full dependency set. (Pipfile.lock is not supported — Pipfile has no dependency-group concept.)

--group cannot be combined with --exclude-extra (or config scope = "main"), --requirements-files, or --no-resolver. It can also be set in config:

# .pysentry.toml
[defaults]
groups = ["dev", "docs"]

Resolves #151.

🐛 Bug Fixes

fail_on Silently Hid Vulnerabilities Below Its Threshold

fail_on (CLI --fail-on, config defaults.fail_on) is meant to control only the exit code — the severity at which an audit is considered a failure. A regression in v0.4.5 instead wired it into the matcher as a minimum-severity filter, so any vulnerability below the fail_on level was dropped from the report entirely rather than just being excluded from the pass/fail decision.

The effect scaled with the threshold. With the default fail_on = "medium", low-severity findings disappeared from the report. With fail_on = "critical", a project could contain many real high- and medium-severity vulnerabilities and still print ✓ No vulnerabilities found! with a clean exit. On one real uv.lock project (90 packages), v0.4.5 reported 0 vulnerabilities under fail_on = "critical" while the project actually had 31, several of them high severity.

PySentry now reports every matched vulnerability regardless of fail_on, and uses fail_on strictly to decide the exit code.

:::warning If you run PySentry with fail_on set above low (via --fail-on or config), affected vulnerabilities were missing from your reports while the audit may have exited successfully. Re-run your audit on this release. :::

... (truncated)

Commits
  • a61cbfc Merge pull request #159 from nyudenkov/dev
  • d22bc87 refactor: dedupe pyproject dependency parsing
  • d107e06 v0.4.6
  • 6f31945 readme: trying to make logo look okay
  • 82a299c fix: bump rustls-webpki to 0.103.13 to clear RUSTSEC-2026-0098/0099/0104
  • 89ba462 fix: version PyPA cache key to prevent cross-version EOCD crash
  • 17f20b1 fix: stop fail_on from filtering reported vulnerabilities
  • 48e800a ai: linked CLAUDE.md to AGENTS.md
  • e8de12b docs: document dependency group auditing
  • 418f3d4 feat: add dependency group audit scope
  • Additional commits viewable in compare view

Updates pytest from 9.0.3 to 9.1.0

Release notes

Sourced from pytest's releases.

9.1.0

pytest 9.1.0 (2026-06-13)

Removals and backward incompatible breaking changes

  • #14533: When using --doctest-modules, autouse fixtures with module, package or session scope that are defined inline in Python test modules (not plugins or conftests) will now possibly execute twice.

    If this is undesirable, move the fixture definition to a conftest.py file if possible.

    Technical explanation for those interested: When using --doctest-modules, pytest possibly collects Python modules twice, once as pytest.Module and once as a DoctestModule (depending on the configuration). Due to improvements in pytest's fixture implementation, if e.g. the DoctestModule collects a fixture, it is now visible to it only, and not to the Module. This means that both need to register the fixtures independently.

Deprecations (removal in next major release)

  • #10819: Added a deprecation warning for class-scoped fixtures defined as instance methods (without @classmethod). Such fixtures set attributes on a different instance than the test methods use, leading to unexpected behavior. Use @classmethod decorator instead -- by yastcher.

    See 10819 and 14011.

  • #12882: Calling request.getfixturevalue() <pytest.FixtureRequest.getfixturevalue> during teardown to request a fixture that was not already requested is now deprecated and will become an error in pytest 10.

    See dynamic-fixture-request-during-teardown for details.

  • #13409: Using non-~collections.abc.Collection iterables (such as generators, iterators, or custom iterable objects) for the argvalues parameter in @pytest.mark.parametrize <pytest.mark.parametrize ref> and metafunc.parametrize <pytest.Metafunc.parametrize> is now deprecated.

    These iterables get exhausted after the first iteration, leading to tests getting unexpectedly skipped in cases such as running pytest.main() multiple times, using class-level parametrize decorators, or collecting tests multiple times.

    See parametrize-iterators for details and suggestions.

  • #13946: The private config.inicfg attribute is now deprecated. Use config.getini() <pytest.Config.getini> to access configuration values instead.

    See config-inicfg for more details.

  • #14004: Passing baseid to ~pytest.FixtureDef or nodeid strings to fixture registration APIs is now deprecated. These are internal pytest APIs that are used by some plugins.

    Use the node parameter instead for fixture scoping. This enables more robust node-based matching instead of string prefix matching. If you've used nodeid=None, pass node=session instead.

    This will be removed in pytest 10.

  • #14335: The method of configuring hooks using markers, deprecated since pytest 7.2, is now scheduled to be removed in pytest 10. See hook-markers for more details.

  • #14434: The --pastebin option is now deprecated.

... (truncated)

Commits
  • b2522cf Prepare release version 9.1.0
  • 368d2fc [refactor] Tighten SetComparisonFunction to Iterator[str] (#14587)
  • ff77cd8 [refactor] Make base assertion comparisons return an iterator instead of a li...
  • 0d8491a build(deps): Bump actions/stale from 10.2.0 to 10.3.0
  • 4a809d9 Merge pull request #14568 from pytest-dev/register-fixture
  • 5dfa385 Fix recursion traceback test to cover all styles (#14582)
  • f52ff0c Add pytest.register_fixture
  • a8ac094 Merge pull request #14567 from pytest-dev/more-visibility-deprecate
  • e5620cd [pre-commit.ci] pre-commit autoupdate (#14577)
  • 2ce9c6d Merge pull request #14540 from minbang930/fix-14533-doctest-module-fixtures
  • Additional commits viewable in compare view

Updates ruff from 0.15.14 to 0.15.17

Release notes

Sourced from ruff's releases.

0.15.17

Release Notes

Released on 2026-06-11.

Preview features

  • Allow human-readable names in suppression comments (#25614)
  • Fix handling of ignore comments within a disable/enable pair (#25845)
  • Prioritize human-readable names in CLI output (#25869)
  • Respect diagnostic start and parent ranges and trailing comments in ruff:ignore suppressions (#25673)
  • [flake8-async] Add trio.as_safe_channel to safe decorators (ASYNC119) (#25775)
  • [flake8-pytest-style] Also check pytest_asyncio fixtures (#25375)
  • [ruff] Ban pytest autouse fixtures (RUF076) (#25477)
  • [pyupgrade] Add from __future__ import annotations automatically (UP007, UP045) (#23259)

Bug fixes

  • Fix diagnostic when ruff:enable or ruff:disable appears where ruff:ignore is expected (#25700)
  • [pyupgrade] Preserve leading empty literals to avoid syntax errors (UP032) (#25491)

Rule changes

  • [flake8-pytest-style] Clarify diagnostic message for single parameters (PT007) (#25592)
  • [numpy] Drop autofix for np.in1d (NPY201) (#25612)
  • [pylint] Exempt Python version comparisons (PLR2004) (#25743)

Performance

  • Reserve AST Vecs with correct capacity for common cases (#25451)

Formatter

  • Preserve whitespace for Quarto cell option comments (#25641)

CLI

  • Allow rule names in ruff rule (#25640)

Other changes

  • Fix playground diagnostics scrollbars (#25642)

Contributors

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.17

Released on 2026-06-11.

Preview features

  • Allow human-readable names in suppression comments (#25614)
  • Fix handling of ignore comments within a disable/enable pair (#25845)
  • Prioritize human-readable names in CLI output (#25869)
  • Respect diagnostic start and parent ranges and trailing comments in ruff:ignore suppressions (#25673)
  • [flake8-async] Add trio.as_safe_channel to safe decorators (ASYNC119) (#25775)
  • [flake8-pytest-style] Also check pytest_asyncio fixtures (#25375)
  • [ruff] Ban pytest autouse fixtures (RUF076) (#25477)
  • [pyupgrade] Add from __future__ import annotations automatically (UP007, UP045) (#23259)

Bug fixes

  • Fix diagnostic when ruff:enable or ruff:disable appears where ruff:ignore is expected (#25700)
  • [pyupgrade] Preserve leading empty literals to avoid syntax errors (UP032) (#25491)

Rule changes

  • [flake8-pytest-style] Clarify diagnostic message for single parameters (PT007) (#25592)
  • [numpy] Drop autofix for np.in1d (NPY201) (#25612)
  • [pylint] Exempt Python version comparisons (PLR2004) (#25743)

Performance

  • Reserve AST Vecs with correct capacity for common cases (#25451)

Formatter

  • Preserve whitespace for Quarto cell option comments (#25641)

CLI

  • Allow rule names in ruff rule (#25640)

Other changes

  • Fix playground diagnostics scrollbars (#25642)

Contributors

... (truncated)

Commits
  • 7c645a9 Bump 0.15.17 (#25872)
  • f381eb1 Prioritize human-readable names in CLI output (#25869)
  • b9b4546 Minor workflow simplification (#25870)
  • 1e77ba0 [ty] Move PreformattedBlockScanner to format-agnostic location. (#25856)
  • 6f2b772 [ty] Preserve nominal type of enum.property instances (#25849)
  • be4777c [ty] Fix site-package error when multiple versions of pythons are installed i...
  • 53f6ff7 Allow human-readable names in suppression comments (#25614)
  • 6740325 [ty] Restrict uncached raw signature access (#25866)
  • 970b1bf Auto-update snapshots when syncing typeshed (#25841)
  • 0785793 Fix handling of ignore comments within a disable/enable pair (#25845)
  • Additional commits viewable in compare view

Updates ty from 0.0.40 to 0.0.49

Release notes

Sourced from ty's releases.

0.0.49

Release Notes

Released on 2026-06-11.

Bug fixes

  • Fix site-package error when multiple versions of Python are installed in system path (#25769)

Diagnostics

  • Point at attribute's binding site in `invalid-await diagnostic (#24628)
  • Report redefined legacy TypeVars (#25854)

Performance

  • Add dedicated TDDs for narrowing constraints (#25834)
  • Avoid caching same-file raw signatures (#25761)
  • Cache reachability evaluations during inference (#25696)
  • Compact retained definition maps (#25737)
  • Omit redundant definition inference owner keys (#25837)

Core type checking

  • Preserve nominal type of enum.property instances (#25849)
  • Restrict length narrowing to types that encode their length (#25840)
  • Use peer context for collection literals (#25848)

Contributors

Install ty 0.0.49

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ty/releases/download/0.0.49/ty-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/ty/releases/download/0.0.49/ty-installer.ps1 | iex"

Download ty 0.0.49

... (truncated)

Changelog

Sourced from ty's changelog.

0.0.49

Released on 2026-06-11.

Bug fixes

  • Fix site-package error when multiple versions of Python are installed in system path (#25769)

Diagnostics

  • Point at attribute's binding site in `invalid-await diagnostic (#24628)
  • Report redefined legacy TypeVars (#25854)

Performance

  • Add dedicated TDDs for narrowing constraints (#25834)
  • Avoid caching same-file raw signatures (#25761)
  • Cache reachability evaluations during inference (#25696)
  • Compact retained definition maps (#25737)
  • Omit redundant definition inference owner keys (#25837)

Core type checking

  • Preserve nominal type of enum.property instances (#25849)
  • Restrict length narrowing to types that encode their length (#25840)
  • Use peer context for collection literals (#25848)

Contributors

0.0.48

Released on 2026-06-10.

Performance

  • Avoid redundant constraint saturation work (#25786)

Core type checking

  • Add support for TypedDict extra_items (#25591)
  • Improve closed=True TypedDict precision (#25651)
  • Require subtyping for transitive constraint pivots (#25778)
  • Sync vendored typeshed stubs (#25828). Typeshed diff

Contributors

... (truncated)

Commits

Updates mkdocstrings-python from 2.0.3 to 2.0.4

Release notes

Sourced from mkdocstrings-python's releases.

2.0.4

2.0.4 - 2026-06-05

Compare with 2.0.3

Bug Fixes

  • Display Methods instead of Functions for category headings inside classes (7bf8b98 by Timothée Mazzucotelli). Issue-330
Changelog

Sourced from mkdocstrings-python's changelog.

2.0.4 - 2026-06-05

Compare with 2.0.3

Bug Fixes

  • Display Methods instead of Functions for category headings inside classes (7bf8b98 by Timothée Mazzucotelli). Issue-330
Commits
  • dc6aa93 chore: Prepare release 2.0.4
  • 7bf8b98 fix: Display Methods instead of Functions for category headings inside classes
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the uv group across 1 directory with 6 updates
2602e49 
Bumps the uv group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [tqdm](https://github.com/tqdm/tqdm) | `4.67.3` | `4.68.3` |
| [pysentry-rs](https://github.com/nyudenkov/pysentry) | `0.4.5` | `0.4.6` |
| [pytest](https://github.com/pytest-dev/pytest) | `9.0.3` | `9.1.0` |
| [ruff](https://github.com/astral-sh/ruff) | `0.15.14` | `0.15.17` |
| [ty](https://github.com/astral-sh/ty) | `0.0.40` | `0.0.49` |
| [mkdocstrings-python](https://github.com/mkdocstrings/python) | `2.0.3` | `2.0.4` |



Updates `tqdm` from 4.67.3 to 4.68.3
- [Release notes](https://github.com/tqdm/tqdm/releases)
- [Commits](tqdm/tqdm@v4.67.3...v4.68.3)

Updates `pysentry-rs` from 0.4.5 to 0.4.6
- [Release notes](https://github.com/nyudenkov/pysentry/releases)
- [Commits](nyudenkov/pysentry@v0.4.5...v0.4.6)

Updates `pytest` from 9.0.3 to 9.1.0
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](pytest-dev/pytest@9.0.3...9.1.0)

Updates `ruff` from 0.15.14 to 0.15.17
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.14...0.15.17)

Updates `ty` from 0.0.40 to 0.0.49
- [Release notes](https://github.com/astral-sh/ty/releases)
- [Changelog](https://github.com/astral-sh/ty/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ty@0.0.40...0.0.49)

Updates `mkdocstrings-python` from 2.0.3 to 2.0.4
- [Release notes](https://github.com/mkdocstrings/python/releases)
- [Changelog](https://github.com/mkdocstrings/python/blob/main/CHANGELOG.md)
- [Commits](mkdocstrings/python@2.0.3...2.0.4)

---
updated-dependencies:
- dependency-name: tqdm
  dependency-version: 4.68.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: uv
- dependency-name: pysentry-rs
  dependency-version: 0.4.6
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: uv
- dependency-name: pytest
  dependency-version: 9.1.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: uv
- dependency-name: ruff
  dependency-version: 0.15.17
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: uv
- dependency-name: ty
  dependency-version: 0.0.49
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: uv
- dependency-name: mkdocstrings-python
  dependency-version: 2.0.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: uv
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Jun 17, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants