Update isort requirement from ~=5.0 to >=5,<8

[dependabot]

Updates the requirements on isort to permit the latest version.

Release notes

Sourced from isort's releases.

7.0.0

Changes

💥 Breaking Changes

• Drop support for Python 3.9 (#2430) @​DanielNoord

🚀 Features

• Show absolute paths in skipped file messages (#2416) @​pranlawate

🪲 Fixes

• Some fixes for Python 3.14 (#2433) @​DanielNoord
• Test on 3.14 and fix any bugs (#2425) @​DanielNoord
• Update CHANGELOG.md + Fix Formatting and Grammar (#2419) @​lukbrew25
• Fix output of hanging indent for long lines with noqa (#2407) @​matan1008

👷 Continuous Integration

• Format with ruff instead of black (#2432) @​DanielNoord
• Target 3.10 for ruff (#2431) @​DanielNoord
• Update development dependencies to latest version (#2426) @​DanielNoord
• docs: update pre-commit examples to version 6.1.0 (#2413) @​pranlawate
• Small cleanup for developer environment (#2418) @​DanielNoord

📦 Dependencies

• Bump actions/setup-python from 5 to 6 in the github-actions group (#2411) @dependabot[bot]

Changelog

Sourced from isort's changelog.

Changelog

NOTE: isort follows the semver versioning standard. Find out more about isort's release policy here.

Unreleased

• Removed --old-finders and --magic-placement flags and old_finders configuration option. The legacy finder logic that relied on environment introspection has been removed (#2445) @​joao-faria-dev

6.1.0 October 1 2025

• Add python 3.14 classifier and badge (#2409) @​staticdev
• Drop use of non-standard pkg_resources API (#2405) @​dvarrazzo

6.0.1 Febuary 26 2025

• Add OSError handling in find_imports_in_file (#2331) @​kobarity

6.0.0 January 27 2025

• Remove support for Python 3.8 (#2327) @​DanielNoord
• Python 3.13 support (#2306) @​mayty
• Speed up exists_case_sensitive calls (#2264) @​correctmost
• Ensure that split_on_trailing_comma works with as imports (#2340) @​DanielNoord
• Black profile: enable magic comma (#2236) @​MrMino
• Update line_length and single_line_exclusions in google profile (#2149) @​jagapiou
• Allow --diff to be used with --jobs (#2302) @​mnakama
• Fix wemake profile to have correct character limit (#2241) @​sobolevn
• Fix sort_reexports code mangling (#2283) @​Helveg
• Fix correct group by package tokenization (#2136) @​glasnt

5.13.2 December 13 2023

• Apply the bracket fix from issue #471 only for use_parentheses=True (#2184) @​bp72
• Confine pre-commit to stages (#2213) @​davidculley
• Fixed colors extras (#2212) @​staticdev

5.13.1 December 11 2023

• Fixed integration tests (#2208) @​bp72
• Fixed normalizing imports from more than one level of parent modules (issue/2152) (#2191) @​bp72
• Remove optional dependencies without extras (#2207) @​staticdev

5.13.0 December 9 2023

• Cleanup deprecated extras (#2089) @​staticdev
• Fixed #1989: settings lookup when working in stream based mode
• Fixed 80 line length for wemake linter (#2183) @​skatromb
• Add support for Python 3.12 (#2175) @​hugovk

... (truncated)

Commits

• 0a09c78 Merge pull request #2433 from DanielNoord/python-314
• 0fee794 Add 3.14 to stdlibds
• 332a1ad Bump zstandard for 3.14 compat
• f756e56 Merge pull request #2432 from DanielNoord/ruff-it-up
• 52f5134 Format with ruff instead of black
• 012aa69 Merge pull request #2431 from DanielNoord/ruff-it-up
• 89773db Target 3.10 with ruff
• 933e382 Merge pull request #2430 from DanielNoord/drop-39
• 8b6e00c Remove support for Python 3.9
• b5f9f29 Bump profile plugin to 3.10+ and re-lock
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[misi9170]

The dependabot fun begins @paulf81 @rafmudaf ....

I don't love that dependabot seems to have created these "dependencies" and "python" labels, wasn't really expecting it to meddle with the labels. More info here.

[rafmudaf]

🤠 soo many emails! But it's nice that it all happens quickly.

[misi9170]

Yeah, and considering this is the first time this it has run, I guess 4 issues it found isn't too bad---hopefully it'll be less going forward. But now I guess the question is what to do with them---in particular, I'd want to be careful with the jupyter-book and sphinx ones, I feel like those packages are a bit brittle (at least, I've had trouble with certain versions before)

[rafmudaf]

Yep I agree. Pytest and isort are whatever, but the docs have been painful in the past. Maybe those would be resolved by building the docs locally and checking. I'm happy to help if you want to go that route