chore(deps): bump the python-deps group with 14 updates

[dependabot]

Updates the requirements on msal, requests, pyyaml, questionary, rich, pytest, pytest-cov, pytest-mock, responses, ruff, bandit, pip-audit, mypy and types-requests to permit the latest version.
Updates msal to 1.37.0

Release notes

Sourced from msal's releases.

1.37.0

Breaking Changes

• Removed support for Python 3.8 in #910

New Features

• Add User Federated Identity Credential (user_fic) grant type support in #918

Bug Fixes and Improvements

• Use unsigned redirect URI for macOS broker silent flows in #907
• Escape username parameter in #901
• Forward MSAL client metadata headers through IMDS to ESTS in #902

Dependency Updates

• Update pymsalruntime minimum version to 0.20.6 in #919
• Bump cryptography dependency ceiling to <50 (N+3) in #906

Commits

• ebb980f Update version to 1.37.0 (#922)
• c504b41 Migrate CI/CD from GitHub Actions to ADO; remove GH Actions workflow (#895)
• 192a82d Removed support for Python 3.8 (#910)
• 08aa7fd Add User Federated Identity Credential (user_fic) grant type support (#918)
• d4f58ec Add documentation for MSI v2 mTLS in Python (#904)
• 5866feb Create design document for MSI v2 In-Memory Key Approach (#905)
• 651d54b Update pymsalruntime minimum version to 0.20.6 (#919)
• 895b581 Use unsigned redirect uri for mac broker flows (#907)
• 8ea1eaa Switch FMI tests from disabled IDLABS_APP_FMI to MISE-App-FMICLIENT (#913)
• faf5dce Bump cryptography dependency ceiling to <50 (N+3) (#906)
• Additional commits viewable in compare view

Updates requests to 2.34.2

Release notes

Sourced from requests's releases.

v2.34.2

2.34.2 (2026-05-14)

• Moved headers input type back to Mapping to avoid invariance issues with MutableMapping and inferred dict types. Users calling Request.headers.update() may need to narrow typing in their code. (#7441)

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14

Changelog

Sourced from requests's changelog.

2.34.2 (2026-05-14)

• Moved headers input type back to Mapping to avoid invariance issues with MutableMapping and inferred dict types. Users calling Request.headers.update() may need to narrow typing in their code. (#7441)

2.34.1 (2026-05-13)

Bugfixes

• Widened json input type from dict and list to Mapping and Sequence. (#7436)
• Changed headers input type to MutableMapping and removed None from Request.headers typing to improve handling for users. (#7431)
• Response.reason moved from str | None to str to improve handling for users. (#7437)
• Fixed a bug where some bodies with custom __getattr__ implementations weren't being properly detected as Iterables. (#7433)

2.34.0 (2026-05-11)

Announcements

• Requests 2.34.0 introduces inline types, replacing those provided by typeshed. Public API types should be fully compatible with mypy, pyright, and ty. We believe types are comprehensive but if you find issues, please report them to the pinned tracking issue.

  Special thanks to @​bastimeyer, @​cthoyt, @​edgarrmondragon, and @​srittau for helping review and test the types ahead of the release. (#7272)

Improvements

• Digest Auth hashing algorithms have added usedforsecurity=False to clarify security considerations. (#7310)
• Requests added support for Python 3.15 based on beta1. Downstream projects should be able to start testing prior to its release in October. (#7422)
• Requests added support for Python 3.14t. (#7419)

Bugfixes

• Response.history no longer contains a reference to itself, preventing accidental looping when traversing the history list. (#7328)
• Requests no longer performs greedy matching on no_proxy domains. The proxy_bypass implementation has been updated with CPython's fix from bpo-39057. (#7427)
• Requests no longer incorrectly strips duplicate leading slashes in URI paths. This should address user issues with specific presigned URLs. Note the full fix requires urllib3 2.7.0+. (#7315)

... (truncated)

Commits

• 6e83187 v2.34.2
• 84d10f0 Move Request.headers back to Mapping (#7441)
• b7b549b v2.34.1
• e511bc7 Fix mutability issues with headers input types (#7431)
• 5691f59 Update JsonType containers to read-based collections (#7436)
• 2144213 Constrain Response.reason to str (#7437)
• 6404f34 Fix prepare_body stream detection for __getattr__-based file wrappers (#7...
• 0b401c7 v2.34.0
• 86b378d Align Session.get parameters with requests.get (#7429)
• a4f9a59 Port bpo-39057 to Requests (#7427)
• Additional commits viewable in compare view

Updates pyyaml to 6.0.3

Release notes

Sourced from pyyaml's releases.

6.0.3

What's Changed

• Support for Python 3.14 and free-threading (experimental).

Full Changelog: yaml/pyyaml@6.0.2...6.0.3

Changelog

Sourced from pyyaml's changelog.

6.0.3 (2025-09-25)

• yaml/pyyaml#864 -- Support for Python 3.14 and free-threading (experimental)

6.0.2 (2024-08-06)

• yaml/pyyaml#808 -- Support for Cython 3.x and Python 3.13

6.0.1 (2023-07-18)

• yaml/pyyaml#702 -- pin Cython build dep to < 3.0

6.0 (2021-10-13)

• yaml/pyyaml#327 -- Change README format to Markdown
• yaml/pyyaml#483 -- Add a test for YAML 1.1 types
• yaml/pyyaml#497 -- fix float resolver to ignore . and ._
• yaml/pyyaml#550 -- drop Python 2.7
• yaml/pyyaml#553 -- Fix spelling of “hexadecimal”
• yaml/pyyaml#556 -- fix representation of Enum subclasses
• yaml/pyyaml#557 -- fix libyaml extension compiler warnings
• yaml/pyyaml#560 -- fix ResourceWarning on leaked file descriptors
• yaml/pyyaml#561 -- always require Loader arg to yaml.load()
• yaml/pyyaml#564 -- remove remaining direct distutils usage

5.4.1 (2021-01-20)

• yaml/pyyaml#480 -- Fix stub compat with older pyyaml versions that may unwittingly load it

5.4 (2021-01-19)

• yaml/pyyaml#407 -- Build modernization, remove distutils, fix metadata, build wheels, CI to GHA
• yaml/pyyaml#472 -- Fix for CVE-2020-14343, moves arbitrary python tags to UnsafeLoader
• yaml/pyyaml#441 -- Fix memory leak in implicit resolver setup
• yaml/pyyaml#392 -- Fix py2 copy support for timezone objects
• yaml/pyyaml#378 -- Fix compatibility with Jython

5.3.1 (2020-03-18)

• yaml/pyyaml#386 -- Prevents arbitrary code execution during python/object/new constructor

5.3 (2020-01-06)

• yaml/pyyaml#290 -- Use is instead of equality for comparing with None
• yaml/pyyaml#270 -- Fix typos and stylistic nit
• yaml/pyyaml#309 -- Fix up small typo
• yaml/pyyaml#161 -- Fix handling of slots
• yaml/pyyaml#358 -- Allow calling add_multi_constructor with None
• yaml/pyyaml#285 -- Add use of safe_load() function in README
• yaml/pyyaml#351 -- Fix reader for Unicode code points over 0xFFFF

... (truncated)

Commits

• 49790e7 Release 6.0.3 (#889)
• 41309b0 Release 6.0.2 (#819)
• dd9f0e1 6.0.2rc1 (#809)
• f5527a2 disable CI trigger on PR edits
• b4d80a7 Python 3.12 + musllinux_1_1_x86_64 wheel support
• c42fa3b 6.0.1 release
• ae08bdc block Cython 3.0+ as a build dep (#702)
• f873cfe Add python 3.11 support (#663)
• See full diff in compare view

Updates questionary to 2.1.1

Commits

• f25a001 incremented version
• 2b3bf56 Merge pull request #456 from purplezimmermann/zimmermann/find-window
• 89e4142 Use PromptSession.layout.find_all_windows() helper
• 584f9ae Bump pytest from 8.3.4 to 8.3.5 (#433)
• eaba639 Bump mypy from 1.14.1 to 1.15.0 (#434)
• c95d7e9 Updated supported Python versions to >= 3.9 (#420)
• 94ff1eb Bump mypy from 1.14.0 to 1.14.1 (#418)
• 95b377f Bump mypy from 1.13.0 to 1.14.0 (#417)
• 9fbbfa4 Release version 2.1.0 (#416)
• cb9f32c Bump sphinx-rtd-theme from 2.0.0 to 3.0.2 (#408)
• Additional commits viewable in compare view

Updates rich to 15.0.0

Release notes

Sourced from rich's releases.

The So Long 3.8 Release

A few fixes. The major version bump is to honor the passing of 3.8 support which reached its EOL in October 7, 2024

[15.0.0] - 2026-04-12

Changed

• Breaking change: Dropped support for Python3.8

Fixed

• Fixed empty print ignoring the end parameter Textualize/rich#4075
• Fixed Text.from_ansi removing newlines Textualize/rich#4076
• Fixed FileProxy.isatty not proxying Textualize/rich#4077
• Fixed inline code in Markdown tables cells Textualize/rich#4079

Changelog

Sourced from rich's changelog.

[15.0.0] - 2026-04-12

Changed

• Breaking change: Dropped support for Python3.8

Fixed

• Fixed empty print ignoring the end parameter Textualize/rich#4075
• Fixed Text.from_ansi removing newlines Textualize/rich#4076
• Fixed FileProxy.isatty not proxying Textualize/rich#4077
• Fixed inline code in Markdown tables cells Textualize/rich#4079

[14.3.4] - 2026-04-11

Changed

• Improved import time with lazy loading Textualize/rich#4070
• Changed link id generation to avoid random number generation at runtime Textualize/rich#3845

[14.3.3] - 2026-02-19

Fixed

• Fixed infinite loop with cells.split_graphemes Textualize/rich#4006

[14.3.2] - 2026-02-01

Fixed

• Fixed solo ZWJ crash Textualize/rich#3953
• Fixed control codes reporting width of 1 Textualize/rich#3953

[14.3.1] - 2026-01-24

Fixed

• Fixed characters out of unicode range reporting a cell size if 0 Textualize/rich#3944

[14.3.0] - 2026-01-24

Fixed

• IPython now respects when a Console instance is passed to pretty.install Textualize/rich#3915
• Fixed extraneous blank line on non-interactive disabled Progress Textualize/rich#3905
• Fixed extra padding on first cell in columns Textualize/rich#3935
• Fixed trailing whitespace removed when soft_wrap=True Textualize/rich#3937
• Fixed style new-lines when soft_wrap = True and a print style is set Textualize/rich#3938

Added

... (truncated)

Commits

• 6ac483c correction
• 458a910 Merge pull request #4080 from Textualize/bump1500
• 82e06e0 changelog
• d6556bc bump to 15.0.0
• ffe2edc Merge pull request #4079 from Textualize/inline-table-code
• cf3b5a1 changelog
• 77f0edb remove comments
• 7ef2d05 fix inline code in table cells
• 19c67b9 Merge pull request #4077 from Textualize/isattry
• 494b795 changelog
• Additional commits viewable in compare view

Updates pytest to 9.0.3

Release notes

Sourced from pytest's releases.

9.0.3

pytest 9.0.3 (2026-04-07)

Bug fixes

• #12444: Fixed pytest.approx which now correctly takes into account ~collections.abc.Mapping keys order to compare them.

• #13634: Blocking a conftest.py file using the -p no: option is now explicitly disallowed.

  Previously this resulted in an internal assertion failure during plugin loading.

  Pytest now raises a clear UsageError explaining that conftest files are not plugins and cannot be disabled via -p.

• #13734: Fixed crash when a test raises an exceptiongroup with __tracebackhide__ = True.

• #14195: Fixed an issue where non-string messages passed to unittest.TestCase.subTest() were not printed.

• #14343: Fixed use of insecure temporary directory (CVE-2025-71176).

Improved documentation

• #13388: Clarified documentation for -p vs PYTEST_PLUGINS plugin loading and fixed an incorrect -p example.
• #13731: Clarified that capture fixtures (e.g. capsys and capfd) take precedence over the -s / --capture=no command-line options in Accessing captured output from a test function <accessing-captured-output>.
• #14088: Clarified that the default pytest_collection hook sets session.items before it calls pytest_collection_finish, not after.
• #14255: TOML integer log levels must be quoted: Updating reference documentation.

Contributor-facing changes

• #12689: The test reports are now published to Codecov from GitHub Actions. The test statistics is visible on the web interface.

  -- by aleguy02

Commits

• a7d58d7 Prepare release version 9.0.3
• 089d981 Merge pull request #14366 from bluetech/revert-14193-backport
• 8127eaf Revert "Fix: assertrepr_compare respects dict insertion order (#14050) (#14193)"
• 99a7e60 Merge pull request #14363 from pytest-dev/patchback/backports/9.0.x/95d8423bd...
• ddee02a Merge pull request #14343 from bluetech/cve-2025-71176-simple
• 74eac69 doc: Update training info (#14298) (#14301)
• f92dee7 Merge pull request #14267 from pytest-dev/patchback/backports/9.0.x/d6fa26c62...
• 7ee58ac Merge pull request #12378 from Pierre-Sassoulas/fix-implicit-str-concat-and-d...
• 37da870 Merge pull request #14259 from mitre88/patch-4 (#14268)
• c34bfa3 Add explanation for string context diffs (#14257) (#14266)
• Additional commits viewable in compare view

Updates pytest-cov to 7.1.0

Changelog

Sourced from pytest-cov's changelog.

7.1.0 (2026-03-21)

• Fixed total coverage computation to always be consistent, regardless of reporting settings. Previously some reports could produce different total counts, and consequently can make --cov-fail-under behave different depending on reporting options. See [#641](https://github.com/pytest-dev/pytest-cov/issues/641) <https://github.com/pytest-dev/pytest-cov/issues/641>_.

• Improve handling of ResourceWarning from sqlite3.

  The plugin adds warning filter for sqlite3 ResourceWarning unclosed database (since 6.2.0). It checks if there is already existing plugin for this message by comparing filter regular expression. When filter is specified on command line the message is escaped and does not match an expected message. A check for an escaped regular expression is added to handle this case.

  With this fix one can suppress ResourceWarning from sqlite3 from command line::

  pytest -W "ignore:unclosed database in <sqlite3.Connection object at:ResourceWarning" ...

• Various improvements to documentation. Contributed by Art Pelling in [#718](https://github.com/pytest-dev/pytest-cov/issues/718) <https://github.com/pytest-dev/pytest-cov/pull/718>_ and "vivodi" in [#738](https://github.com/pytest-dev/pytest-cov/issues/738) <https://github.com/pytest-dev/pytest-cov/pull/738>. Also closed [#736](https://github.com/pytest-dev/pytest-cov/issues/736) <https://github.com/pytest-dev/pytest-cov/issues/736>.

• Fixed some assertions in tests. Contributed by in Markéta Machová in [#722](https://github.com/pytest-dev/pytest-cov/issues/722) <https://github.com/pytest-dev/pytest-cov/pull/722>_.

• Removed unnecessary coverage configuration copying (meant as a backup because reporting commands had configuration side-effects before coverage 5.0).

7.0.0 (2025-09-09)

• Dropped support for subprocesses measurement.

  It was a feature added long time ago when coverage lacked a nice way to measure subprocesses created in tests. It relied on a .pth file, there was no way to opt-out and it created bad interations with coverage's new patch system <https://coverage.readthedocs.io/en/latest/config.html#run-patch>_ added in 7.10 <https://coverage.readthedocs.io/en/7.10.6/changes.html#version-7-10-0-2025-07-24>_.

  To migrate to this release you might need to enable the suprocess patch, example for .coveragerc:

  .. code-block:: ini

  [run] patch = subprocess

  This release also requires at least coverage 7.10.6.

• Switched packaging to have metadata completely in pyproject.toml and use hatchling <https://pypi.org/project/hatchling/>_ for building. Contributed by Ofek Lev in [#551](https://github.com/pytest-dev/pytest-cov/issues/551) <https://github.com/pytest-dev/pytest-cov/pull/551>_ with some extras in [#716](https://github.com/pytest-dev/pytest-cov/issues/716) <https://github.com/pytest-dev/pytest-cov/pull/716>_.

• Removed some not really necessary testing deps like six.

... (truncated)

Commits

• 66c8a52 Bump version: 7.0.0 → 7.1.0
• f707662 Make the examples use pypy 3.11.
• 6049a78 Make context test use the old ctracer (seems the new sysmon tracer behaves di...
• 8ebf20b Update changelog.
• 861d30e Remove the backup context manager - shouldn't be needed since coverage 5.0, ...
• fd4c956 Pass the precision on the nulled total (seems that there's some caching goion...
• 78c9c4e Only run the 3.9 on older deps.
• 4849a92 Punctuation.
• 197c35e Update changelog and hopefully I don't forget to publish release again :))
• 14dc1c9 Update examples to use 3.11 and make the adhoc layout example look a bit more...
• Additional commits viewable in compare view

Updates pytest-mock to 3.15.1

Release notes

Sourced from pytest-mock's releases.

v3.15.1

2025-09-16

• #529: Fixed itertools._tee object has no attribute error -- now duplicate_iterators=True must be passed to mocker.spy to duplicate iterators.

Changelog

Sourced from pytest-mock's changelog.

3.15.1

2025-09-16

• [#529](https://github.com/pytest-dev/pytest-mock/issues/529) <https://github.com/pytest-dev/pytest-mock/issues/529>_: Fixed itertools._tee object has no attribute error -- now duplicate_iterators=True must be passed to mocker.spy to duplicate iterators.

3.15.0

2025-09-04

• Python 3.8 (EOL) is no longer supported.
• [#524](https://github.com/pytest-dev/pytest-mock/issues/524) <https://github.com/pytest-dev/pytest-mock/pull/524>_: Added spy_return_iter to mocker.spy, which contains a duplicate of the return value of the spied method if it is an Iterator.

3.14.1 (2025-05-26)

• [#503](https://github.com/pytest-dev/pytest-mock/issues/503) <https://github.com/pytest-dev/pytest-mock/pull/503>_: Python 3.14 is now officially supported.

3.14.0 (2024-03-21)

• [#415](https://github.com/pytest-dev/pytest-mock/issues/415) <https://github.com/pytest-dev/pytest-mock/pull/415>_: MockType and AsyncMockType can be imported from pytest_mock for type annotation purposes.

• [#420](https://github.com/pytest-dev/pytest-mock/issues/420) <https://github.com/pytest-dev/pytest-mock/issues/420>_: Fixed a regression which would cause mocker.patch.object to not being properly cleared between tests.

3.13.0 (2024-03-21)

• [#417](https://github.com/pytest-dev/pytest-mock/issues/417) <https://github.com/pytest-dev/pytest-mock/pull/417>_: spy now has spy_return_list, which is a list containing all the values returned by the spied function.
• pytest-mock now requires pytest>=6.2.5.
• [#410](https://github.com/pytest-dev/pytest-mock/issues/410) <https://github.com/pytest-dev/pytest-mock/pull/410>: pytest-mock's setup.py file is removed. If you relied on this file, e.g. to install pytest using setup.py install, please see Why you shouldn't invoke setup.py directly <https://blog.ganssle.io/articles/2021/10/setup-py-deprecated.html#summary> for alternatives.

3.12.0 (2023-10-19)

• Added support for Python 3.12.
• Dropped support for EOL Python 3.7.
• mocker.resetall() now also resets mocks created by mocker.create_autospec ([#390](https://github.com/pytest-dev/pytest-mock/issues/390)_).

.. _#390: pytest-dev/pytest-mock#390

3.11.1 (2023-06-15)

(This release source code is identical to 3.11.0 except a small internal fix to deployment/CI)

... (truncated)

Commits

• e1b5c62 Release 3.15.1
• 184eb19 Set spy_return_iter only when explicitly requested (#537)
• 4fa0088 [pre-commit.ci] pre-commit autoupdate (#536)
• f5aff33 Fix test failure with pytest 8+ and verbose mode (#535)
• adc4187 Bump actions/setup-python from 5 to 6 in the github-actions group (#533)
• 95ad570 [pre-commit.ci] pre-commit autoupdate (#532)
• e696bf0 Fix standalone mock support (#531)
• 5b29b03 Fix gen-release-notes script
• 7d22ef4 Merge pull request #528 from pytest-dev/release-3.15.0
• 90b29f8 Update CHANGELOG for 3.15.0
• Additional commits viewable in compare view

Updates responses to 0.26.1

Release notes

Sourced from responses's releases.

0.26.1

• Added Spanish translation of the README (README.es.rst)
• When both content_type and headers['content-type'] are in a response mock file, content_type is now used.
• Added strict_match to urlencoded_params_matcher, enabling partial request parameter matching.

Changelog

Sourced from responses's changelog.

0.26.1

• Added Spanish translation of the README (README.es.rst)
• When both content_type and headers['content-type'] are in a response mock file, content_type is now used.
• Added strict_match to urlencoded_params_matcher, enabling partial request parameter matching.

0.26.0

• When using assert_all_requests_are_fired=True, assertions about unfired requests are now raised even when an exception occurs in the context manager or decorated function. Previously, these assertions were suppressed when exceptions occurred. This new behavior provides valuable debugging context about which mocked requests were or weren't called.
• Consider the Retry-After header when handling retries

0.25.8

• Fix bug where the content type is always recorded as either text/plain or application/json. See #770
• Allow asserts on add_callback() matches. See #727

0.25.7

• Added support for python 3.13

0.25.6

• Added py.typed to package_data

0.25.5

• Fix readme issue that prevented 0.25.4 from being published to pypi.

0.25.4

• Responses can now match requests that use data with file-like objects. Files will be read as bytes and stored in the request mock. See #736
• RequestsMock.matchers was added. This property is an alias to responses.matchers. See #739
• Removed tests from packaged wheels. See #746
• Improved recorder API to ease use in REPL environments. See #745

... (truncated)

Commits

• 7a80232 release: 0.26.1
• 1fda897 Add strict_match parameter to urlencoded_params_matcher (#796)
• ab8d480 chore: Fix lint build and update changes (#795)
• 71be9a2 fix: remove content-type from headers in _add_from_file to avoid RuntimeError...
• 84c2b08 Add Spanish translation of the README documentation (#790)
• 3da192e chore: pin GitHub Actions to full-length commit SHAs (#789)
• cc53d77 Merge branch 'release/0.26.0'
• 94913d0 release: 0.26.0
• 051b79e Make assert_all_requests_are_fired always assert on exception (#782)
• 0905cb8 Fix query_param_matcher not matching empty query parameter values (#787)
• Additional commits viewable in compare view

Updates ruff to 0.15.16

Release notes

Sourced from ruff's releases.

0.15.16

Release Notes

Released on 2026-06-04.

Preview features

• [flake8-async] Implement yield-in-context-manager-in-async-generator (ASYNC119) (#24644)
• [pylint] Narrow diagnostic range and exclude cases without exception handlers (PLW0717) (#25440)
• [ruff] Treat yield before break from a terminal loop as terminal (RUF075) (#25447)

Bug fixes

• [eradicate] Avoid flagging ruff:ignore comments as code (ERA001) (#25537)
• [eradicate] Fix ERA001/RUF100 conflict when noqa is on commented-out code (#25414)
• [pyflakes] Avoid removing the format call when it would change behavior (F523) (#25320)
• [pylint] Avoid syntax errors in invalid character replacements in f-strings before Python 3.12 (PLE2510, PLE2512, PLE2513, PLE2514, PLE2515) (#25544)
• [pyupgrade] Avoid converting format calls with more kinds of side effects (UP032) (#25484)

Rule changes

• [flake8-pytest-style] Avoid fixes for ambiguous argnames and argvalues combinations (PT006) (#24776)

Performance

• Drop excess capacity from statement suites during parsing (#25368)

Documentation

• [pydocstyle] Improve discoverability of rules enabled for each convention (#24973)
• [ruff] Restore example code for Python versions before 3.15 (RUF017) (#25439)
• Fix typo bin/active → bin/activate in tutorial (#25473)

Other changes

• Shrink additional parser AST collections (#25465)

Contributors

• @​Redslayer112
• @​koriyoshi2041
• @​George-Ogden
• @​TejasAmle
• @​anishgirianish
• @​ntBre
• @​MichaReiser
• @​loganrosen
• @​RafaelJohn9
• @​adityasingh2400

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.16

Released on 2026-06-04.

Preview features

• [flake8-async] Implement yield-in-context-manager-in-async-generator (ASYNC119) (#24644)
• [pylint] Narrow diagnostic range and exclude cases without exception handlers (PLW0717) (#25440)
• [ruff] Treat yield before break from a terminal loop as terminal (RUF075) (#25447)

Bug fixes

• [eradicate] Avoid flagging ruff:ignore comments as code (ERA001) (#25537)
• [eradicate] Fix ERA001/RUF100 conflict when noqa is on commented-out code (#25414)
• [pyflakes] Avoid removing the format call when it would change behavior (F523) (#25320)
• [pylint] Avoid syntax errors in invalid character replacements in f-strings before Python 3.12 (PLE2510, PLE2512, PLE2513, PLE2514, PLE2515) (#25544)
• [pyupgrade] Avoid converting format calls with more kinds of side effects (UP032) (#25484)

Rule changes

• [flake8-pytest-style] Avoid fixes for ambiguous argnames and argvalues combinations (PT006) (#24776)

Performance

• Drop excess capacity from statement suites during parsing (#25368)

Documentation

• [pydocstyle] Improve discoverability of rules enabled for each convention (#24973)
• [ruff] Restore example code for Python versions before 3.15 (RUF017) (#25439)
• Fix typo bin/active → bin/activate in tutorial (#25473)

Other changes

• Shrink additional parser AST collections (#25465)

Contributors

• @​Redslayer112
• @​koriyoshi2041
• @​George-Ogden
• @​TejasAmle
• @​anishgirianish
• @​ntBre
• @​MichaReiser
• @​loganrosen
• @​RafaelJohn9
• @​adityasingh2400

0.15.15

... (truncated)

Commits

• 6c498ab Bump 0.15.16 (#25635)
• e51e132 [flake8-async] Implement yield-in-context-manager-in-async-generator (`AS...
• 7c6dcd9 [ty] Add caching for pattern match narrowing (#25613)
• 27058fc [ty] Compact retained definition and expression identities (#25606)
• bf80d05 Fix CODEOWNERS syntax (#25622)
• 10ccd51 Shrink additional parser AST collections (#25465)
• 0d7135f [ty] Upgrade Salsa (#25545)
• 49493a3 [ty] Show type alias value on hover (#25381)
• 85207d3 [ty] sys.implementation.version is not sys.version_info (#25608)
• a8a0614 [ty] Avoid retaining duplicate function signatures (#25609)
• Additional commits viewable in compare view

Updates bandit to 1.9.4

Release notes

Sourced from bandit's releases.

1.9.4

What's Changed

• chore: fixed some typos in comments by @​jakob1379 in PyCQA/bandit#1351
• Bump docker/login-action from 3.6.0 to 3.7.0 by @​dependabot[bot] in PyCQA/bandit#1353
• Bump docker/build-push-action from 6.18.0 to 6.19.2 by @​dependabot[bot] in PyCQA/bandit#1357
• Fix B613 crash when reading from stdin by @​worksbyfriday in PyCQA/bandit#1361
• Include filename in nosec 'no failed test' warning by @​worksbyfriday in PyCQA/bandit#1363
• Fix B615 false positive when revision is set via variable by @​worksbyfriday in PyCQA/bandit#1358
• Lower version guard in check_ast_node to Python 3.12 by @​rcgray in PyCQA/bandit#1355
• Fix B106 reporting wrong line number on multiline function calls by @​worksbyfriday in PyCQA/bandit#1360

New Contributors

• @​jakob1379 made their first contribution in PyCQA/bandit#1351
• @​worksbyfriday made their first contribution in PyCQA/bandit#1361
• @​rcgray made their first contribution in PyCQA/bandit#1355

Full Changelog: PyCQA/bandit@1.9.3...1.9.4

Commits

• 92ae8b8 Fix B106 reporting wrong line number on multiline function calls (#1360)
• c8c8a55 Lower version guard in check_ast_node to Python 3.12 (Description has been truncated