Bump the dependencies group across 1 directory with 15 updates

[dependabot]

Bumps the dependencies group with 14 updates in the / directory:

Package	From	To
authlib	1.6.5	1.6.6
certifi	2024.12.14	2025.11.12
cryptography	44.0.0	46.0.3
requests	2.32.4	2.32.5
ruff	0.12.8	0.14.9
pytest	8.3.4	9.0.2
zizmor	1.0.0	1.18.0
charset-normalizer	3.4.0	3.4.4
idna	3.10	3.11
iniconfig	2.0.0	2.3.0
packaging	24.2	25.0
pluggy	1.5.0	1.6.0
pycparser	2.22	2.23
urllib3	2.6.0	2.6.2

Updates authlib from 1.6.5 to 1.6.6

Changelog

Sourced from authlib's changelog.

Version 1.6.6

Released on Dec 12, 2025

• get_jwt_config takes a client parameter, :pr:844.
• Fix incorrect signature when Content-Type is x-www-form-urlencoded for OAuth 1.0 Client, :pr:778.
• Use expires_in in OAuth2Token when expires_at is unparsable, :pr:842.
• Always track state in session for OAuth client integrations.

Commits

• bb7a315 chore: release 1.6.6
• 0a423d4 Merge pull request #844 from azmeuk/806-get-jwt-config-client
• 2808378 Merge commit from fork
• 714502a feat: get_jwt_config takes a client parameter
• 260d04e Fix: Use expires_in when expires_at is unparsable
• eb37124 Merge pull request #778 from shc261392/fix-httpx-oauth1-form-data-incorrect-s...
• 0ba9ec4 docs: fix guide on requests self signed certificate
• a2e9943 docs: indicate that #743 needs a migration
• 06015d2 test: factorize the token fixture
• See full diff in compare view

Updates certifi from 2024.12.14 to 2025.11.12

Commits

• 37ea150 2025.11.12 (#375)
• 2fa50bb Bump actions/upload-artifact from 4.6.2 to 5.0.0 (#374)
• 6cadb53 Bump actions/download-artifact from 5.0.0 to 6.0.0 (#373)
• fb14ac4 2025.10.05 (#371)
• 2c7c7ee Add Python 3.14 classifier in setup.py
• 1a5cb7b Bump actions/setup-python from 5.6.0 to 6.0.0 (#367)
• dea5960 Bump pypa/gh-action-pypi-publish from 1.12.4 to 1.13.0 (#366)
• 83566b7 Bump actions/checkout from 4.2.2 to 5.0.0
• ca2e121 Bump actions/download-artifact from 4.3.0 to 5.0.0
• a97d9ad 2025.08.03 (#362)
• Additional commits viewable in compare view

Updates cryptography from 44.0.0 to 46.0.3

Changelog

Sourced from cryptography's changelog.

46.0.3 - 2025-10-15

* Fixed compilation when using LibreSSL 4.2.0.
.. _v46-0-2:
46.0.2 - 2025-09-30

• Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.4.

.. _v46-0-1:

46.0.1 - 2025-09-16

* Fixed an issue where users installing via ``pip`` on Python 3.14 development
  versions would not properly install a dependency.
* Fixed an issue building the free-threaded macOS 3.14 wheels.
.. _v46-0-0:
46.0.0 - 2025-09-16

• BACKWARDS INCOMPATIBLE: Support for Python 3.7 has been removed.
• Support for OpenSSL < 3.0 is deprecated and will be removed in the next release.
• Support for x86_64 macOS (including publishing wheels) is deprecated and will be removed in two releases. We will switch to publishing an arm64 only wheel for macOS.
• Support for 32-bit Windows (including publishing wheels) is deprecated and will be removed in two releases. Users should move to a 64-bit Python installation.
• Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.3.
• We now build ppc64le manylinux wheels and publish them to PyPI.
• We now build win_arm64 (Windows on Arm) wheels and publish them to PyPI.
• Added support for free-threaded Python 3.14.
• Removed the deprecated get_attribute_for_oid method on :class:~cryptography.x509.CertificateSigningRequest. Users should use :meth:~cryptography.x509.Attributes.get_attribute_for_oid instead.
• Removed the deprecated CAST5, SEED, IDEA, and Blowfish classes from the cipher module. These are still available in :doc:/hazmat/decrepit/index.
• In X.509, when performing a PSS signature with a SHA-3 hash, it is now encoded with the official NIST SHA3 OID.

.. _v45-0-7:

... (truncated)

Commits

• c0af4dd release 46.0.3 (#13681)
• 99efe5a bump version for 46.0.2 (#13531)
• e735cfc release 46.0.1 (#13450)
• 4e457ff Explicitly specify python in mac uv build invocation (#13447)
• 2726efd Depend on CFFI 2.0.0 or newer on Python > 3.8 (#13448)
• 6223062 release 46.0.0 (#13446)
• 563c491 Update comment for pyopenssl-release tag (#13445)
• d2f6f7f Bump downstream dependencies in CI (#13439)
• e7ab02b we'll ship this with 3.5.3 why not (#13442)
• 0b68a4b Another pair of bump dependencies fix (#13444)
• Additional commits viewable in compare view

Updates requests from 2.32.4 to 2.32.5

Release notes

Sourced from requests's releases.

v2.32.5

2.32.5 (2025-08-18)

Bugfixes

• The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

• Added support for Python 3.14.
• Dropped support for Python 3.8 following its end of support.

Changelog

Sourced from requests's changelog.

2.32.5 (2025-08-18)

Bugfixes

• The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

• Added support for Python 3.14.
• Dropped support for Python 3.8 following its end of support.

Commits

• b25c87d v2.32.5
• 131e506 Merge pull request #7010 from psf/dependabot/github_actions/actions/checkout-...
• b336cb2 Bump actions/checkout from 4.2.0 to 5.0.0
• 46e939b Update publish workflow to use artifact-id instead of name
• 4b9c546 Merge pull request #6999 from psf/dependabot/github_actions/step-security/har...
• 7618dbe Bump step-security/harden-runner from 2.12.0 to 2.13.0
• 2edca11 Add support for Python 3.14 and drop support for Python 3.8 (#6993)
• fec96cd Update Makefile rules (#6996)
• d58d8aa docs: clarify timeout parameter uses seconds in Session.request (#6994)
• 91a3eab Bump github/codeql-action from 3.28.5 to 3.29.0
• Additional commits viewable in compare view

Updates ruff from 0.12.8 to 0.14.9

Release notes

Sourced from ruff's releases.

0.14.9

Release Notes

Released on 2025-12-11.

Preview features

• [ruff] New RUF100 diagnostics for unused range suppressions (#21783)
• [pylint] Detect subclasses of builtin exceptions (PLW0133) (#21382)

Bug fixes

• Fix comment placement in lambda parameters (#21868)
• Skip over trivia tokens after re-lexing (#21895)
• [flake8-bandit] Fix false positive when using non-standard CSafeLoader path (S506). (#21830)
• [flake8-bugbear] Accept immutable slice default arguments (B008) (#21823)

Rule changes

• [pydocstyle] Suppress D417 for parameters with Unpack annotations (#21816)

Performance

• Use memchr for computing line indexes (#21838)

Documentation

• Document *.pyw is included by default in preview (#21885)
• Document range suppressions, reorganize suppression docs (#21884)
• Update mkdocs-material to 9.7.0 (Insiders now free) (#21797)

Contributors

• @​Avasam
• @​MichaReiser
• @​charliermarsh
• @​amyreese
• @​phongddo
• @​prakhar1144
• @​mahiro72
• @​ntBre
• @​LoicRiegel

Install ruff 0.14.9

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/ruff/releases/download/0.14.9/ruff-installer.sh | sh

... (truncated)

Changelog

Sourced from ruff's changelog.

0.14.9

Released on 2025-12-11.

Preview features

• [ruff] New RUF100 diagnostics for unused range suppressions (#21783)
• [pylint] Detect subclasses of builtin exceptions (PLW0133) (#21382)

Bug fixes

• Fix comment placement in lambda parameters (#21868)
• Skip over trivia tokens after re-lexing (#21895)
• [flake8-bandit] Fix false positive when using non-standard CSafeLoader path (S506). (#21830)
• [flake8-bugbear] Accept immutable slice default arguments (B008) (#21823)

Rule changes

• [pydocstyle] Suppress D417 for parameters with Unpack annotations (#21816)

Performance

• Use memchr for computing line indexes (#21838)

Documentation

• Document *.pyw is included by default in preview (#21885)
• Document range suppressions, reorganize suppression docs (#21884)
• Update mkdocs-material to 9.7.0 (Insiders now free) (#21797)

Contributors

• @​Avasam
• @​MichaReiser
• @​charliermarsh
• @​amyreese
• @​phongddo
• @​prakhar1144
• @​mahiro72
• @​ntBre
• @​LoicRiegel

0.14.8

Released on 2025-12-04.

Preview features

• [flake8-bugbear] Catch yield expressions within other statements (B901) (#21200)
• [flake8-use-pathlib] Mark fixes unsafe for return type changes (PTH104, PTH105, PTH109, PTH115) (#21440)

... (truncated)

Commits

• 3f63ea4 Prepare 0.14.9 release (#21927)
• c8851ec [ty] Defer all parameter and return type annotations (#21906)
• d442433 [ty] Fix workspace symbols to return members too (#21926)
• c055d66 Document range suppressions, reorganize suppression docs (#21884)
• 7a578ce Ignore ruff:isort like ruff:noqa in new suppressions (#21922)
• 34f7a04 [ty] Handle Definitions in SemanticModel::scope (#21919)
• c9fe4e2 [ty] Attach salsa db when running ide tests for easier debugging (#21917)
• fbeeb05 [ty] Don't show hover for expressions with no inferred type (#21924)
• 4fdb4e8 [ty] avoid unions of generic aliases of the same class in fixpoint (#21909)
• c548ef2 [ty] Squash false positive logs for failing to find builtins as a real module
• Additional commits viewable in compare view

Updates pytest from 8.3.4 to 9.0.2

Release notes

Sourced from pytest's releases.

9.0.2

pytest 9.0.2 (2025-12-06)

Bug fixes

• #13896: The terminal progress feature added in pytest 9.0.0 has been disabled by default, except on Windows, due to compatibility issues with some terminal emulators.

  You may enable it again by passing -p terminalprogress. We may enable it by default again once compatibility improves in the future.

  Additionally, when the environment variable TERM is dumb, the escape codes are no longer emitted, even if the plugin is enabled.

• #13904: Fixed the TOML type of the tmp_path_retention_count settings in the API reference from number to string.

• #13946: The private config.inicfg attribute was changed in a breaking manner in pytest 9.0.0. Due to its usage in the ecosystem, it is now restored to working order using a compatibility shim. It will be deprecated in pytest 9.1 and removed in pytest 10.

• #13965: Fixed quadratic-time behavior when handling unittest subtests in Python 3.10.

Improved documentation

• #4492: The API Reference now contains cross-reference-able documentation of pytest's command-line flags <command-line-flags>.

9.0.1

pytest 9.0.1 (2025-11-12)

Bug fixes

• #13895: Restore support for skipping tests via raise unittest.SkipTest.
• #13896: The terminal progress plugin added in pytest 9.0 is now automatically disabled when iTerm2 is detected, it generated desktop notifications instead of the desired functionality.
• #13904: Fixed the TOML type of the verbosity settings in the API reference from number to string.
• #13910: Fixed UserWarning: Do not expect file_or_dir on some earlier Python 3.12 and 3.13 point versions.

Packaging updates and notes for downstreams

• #13933: The tox configuration has been adjusted to make sure the desired version string can be passed into its package_env through the SETUPTOOLS_SCM_PRETEND_VERSION_FOR_PYTEST environment variable as a part of the release process -- by webknjaz.

Contributor-facing changes

• #13891, #13942: The CI/CD part of the release automation is now capable of creating GitHub Releases without having a Git checkout on disk -- by bluetech and webknjaz.
• #13933: The tox configuration has been adjusted to make sure the desired version string can be passed into its package_env through the SETUPTOOLS_SCM_PRETEND_VERSION_FOR_PYTEST environment variable as a part of the release process -- by webknjaz.

... (truncated)

Commits

• 3d10b51 Prepare release version 9.0.2
• 188750b Merge pull request #14030 from pytest-dev/patchback/backports/9.0.x/1e4b01d1f...
• b7d7bef Merge pull request #14014 from bluetech/compat-note
• bd08e85 Merge pull request #14013 from pytest-dev/patchback/backports/9.0.x/922b60377...
• bc78386 Add CLI options reference documentation (#13930)
• 5a4e398 Fix docs typo (#14005) (#14008)
• d7ae6df Merge pull request #14006 from pytest-dev/maintenance/update-plugin-list-tmpl...
• 556f6a2 pre-commit: fix rst-lint after new release (#13999) (#14001)
• c60fbe6 Fix quadratic-time behavior when handling unittest subtests in Python 3.10 ...
• 73d9b01 Merge pull request #13995 from nicoddemus/patchback/backports/9.0.x/1b5200c0f...
• Additional commits viewable in compare view

Updates zizmor from 1.0.0 to 1.18.0

Release notes

Sourced from zizmor's releases.

v1.18.0

Enhancements 🌱🔗

• The use-trusted-publishing audit now detects NuGet publishing commands (#1369)

• The dependabot-cooldown audit now flags cooldown periods of less than 7 days by default (#1375)

• The dependabot-cooldown audit can now be configured with a custom minimum cooldown period via rules.dependabot-cooldown.config.days (#1377)

• zizmor now produces slightly more useful error messages when the user supplies an invalid configuration for the forbidden-uses audit (#1381)

Bug Fixes 🐛🔗

• Fixed additional edge cases where auto-fixed would fail to preserve a document's final newline (#1372)

v1.18.0-rc3

No release notes provided.

v1.18.0-rc2

No release notes provided.

v1.18.0-rc1

No release notes provided.

v1.17.0

Enhancements 🌱🔗

• zizmor now produces a more useful error message when asked to collect only workflows from a remote input that contains no workflows (#1324)

• zizmor now produces more precise severities on actions/checkout versions that have more misuse-resistant credentials persistence behavior (#1353)

  Many thanks to @​ManuelLerchnerQC for proposing and implementing this improvement!

• The use-trusted-publishing audit now correctly detecting more "dry-run" patterns, making it significantly more accurate (#1357)

• The obfuscation audit now detects usages of shell: cmd and similar, as the Windows CMD shell lacks a formal grammar and limits analysis of run: blocks in other audits (#1361)

Performance Improvements 🚄🔗

• zizmor's core has been refactored to be asynchronous, making online and I/O-heavy audits significantly faster. Typical user workloads should see speedups of 40% to 70% (#1314)

Bug Fixes 🐛🔗

• Fixed a bug where auto-fixes would fail to preserve a document's final newline (#1323)

• zizmor now uses the native (OS) TLS roots when performing HTTPS requests, improving compatibility with user environments that perform TLS interception (#1328)

• The github-env audit now falls back to assuming bash-like shell syntax in run: blocks if it can't infer the shell being used (#1336)

• The concurrency-limits audit now correctly detects job-level concurrency settings, in addition to workflow-level settings (#1338)

... (truncated)

Changelog

Sourced from zizmor's changelog.

1.18.0

Enhancements 🌱

• The [use-trusted-publishing] audit now detects NuGet publishing commands (#1369)

• The [dependabot-cooldown] audit now flags cooldown periods of less than 7 days by default (#1375)

• The [dependabot-cooldown] audit can now be configured with a custom minimum cooldown period via rules.dependabot-cooldown.config.days (#1377)

• zizmor now produces slightly more useful error messages when the user supplies an invalid configuration for the [forbidden-uses] audit (#1381)

Bug Fixes 🐛

• Fixed additional edge cases where auto-fixed would fail to preserve a document's final newline (#1372)

1.17.0

Enhancements 🌱

• zizmor now produces a more useful error message when asked to collect only workflows from a remote input that contains no workflows (#1324)

• zizmor now produces more precise severities on @​actions/checkout versions that have more misuse-resistant credentials persistence behavior (#1353)

  Many thanks to @​ManuelLerchnerQC for proposing and implementing this improvement!

• The [use-trusted-publishing] audit now correctly detecting more "dry-run" patterns, making it significantly more accurate (#1357)

• The [obfuscation] audit now detects usages of #!yaml shell: cmd and similar, as the Windows CMD shell lacks a formal grammar and limits analysis of #!yaml run: blocks in other audits (#1361)

Performance Improvements 🚄

• zizmor's core has been refactored to be asynchronous, making online and I/O-heavy audits significantly faster. Typical user workloads should see speedups of 40% to 70% (#1314)

Bug Fixes 🐛

• Fixed a bug where auto-fixes would fail to preserve a document's final

... (truncated)

Commits

• f203b45 chore: prep for 1.18.0 (#1390)
• aed6f8c Update README (#1389)
• 6323373 chore: attempt to fix sdist metadata, prep another RC (#1388)
• 5f5f1fa chore: prep 1.18.0-rc2 release (#1387)
• ea64e40 chore: prep 1.18.0-rc1 release (#1386)
• 545d63a chore: bump yamlpatch to 0.7.0 (#1385)
• c393ca8 chore: bump yamlpath to 0.29.0 (#1384)
• e52043c ci: add PEP 740 attestations to PyPI release workflow (#1383)
• 097dd5d tests: remove a duped config test (#1382)
• d182743 feat: improve forbidden-uses error message on invalid config (#1381)
• Additional commits viewable in compare view

Updates cffi from 1.17.1 to 2.0.0

Release notes

Sourced from cffi's releases.

v2.0.0

What's Changed

• Add Python 3.14 support.
• Add CPython free-threaded support (3.14t+ only) - huge thanks to the folks at Quansight Labs for all the work to get this one sorted!
• Drop Python <= 3.8 support.
• Fix order dependency affecting nested type size calculation (#148).

Full Changelog: python-cffi/cffi@v1.17.1...v2.0.0

v2.0.0b1

What's Changed

• Add Python 3.14 support.
• Add CPython free-threaded support (3.14t+ only).
• Drop Python <= 3.8 support.
• Fix order dependency affecting nested type size calculation (#148).

Full Changelog: python-cffi/cffi@v1.17.1...v2.0.0b1

Commits

• 6366c01 release 2.0.0 (#196)
• 95c8476 2.0.0 post beta backports (#195)
• 195cbda Release 2.0.0b1 (#183)
• b4bbe79 fix version test to support beta
• 7ed073d Add support for the free-threaded build (#178)
• 67a170d Change the license from MIT to MIT-no-attribution, which is the same without ...
• 92645ec Add Python 3.14 support/testing (#177)
• 2b81170 doc: update test commands in Section Testing/development tips (#158)
• 25172b8 doc: update year (#153)
• b57a92c issue 147: force-compute nested structs before parent structs. Occurs mainly...
• Additional commits viewable in compare view

Updates charset-normalizer from 3.4.0 to 3.4.4

Release notes

Sourced from charset-normalizer's releases.

Version 3.4.4

3.4.4 (2025-10-13)

Changed

• Bound setuptools to a specific constraint setuptools>=68,<=81.
• Raised upper bound of mypyc for the optional pre-built extension to v1.18.2

Removed

• setuptools-scm as a build dependency.

Misc

• Enforced hashes in dev-requirements.txt and created ci-requirements.txt for security purposes.
• Additional pre-built wheels for riscv64, s390x, and armv7l architectures.
• Restore multiple.intoto.jsonl in GitHub releases in addition to individual attestation file per wheel.

Version 3.4.3

3.4.3 (2025-08-09)

Changed

• mypy(c) is no longer a required dependency at build time if CHARSET_NORMALIZER_USE_MYPYC isn't set to 1. (#595) (#583)
• automatically lower confidence on small bytes samples that are not Unicode in detect output legacy function. (#391)

Added

• Custom build backend to overcome inability to mark mypy as an optional dependency in the build phase.
• Support for Python 3.14

Fixed

• sdist archive contained useless directories.
• automatically fallback on valid UTF-16 or UTF-32 even if the md says it's noisy. (#633)

Misc

• SBOM are automatically published to the relevant GitHub release to comply with regulatory changes. Each published wheel comes with its SBOM. We choose CycloneDX as the format.
• Prebuilt optimized wheel are no longer distributed by default for CPython 3.7 due to a change in cibuildwheel.

Version 3.4.2

3.4.2 (2025-05-02)

Fixed

• Addressed the DeprecationWarning in our CLI regarding argparse.FileType by backporting the target class into the package. (#591)
• Improved the overall reliability of the detector with CJK Ideographs. (#605) (#587)

Changed

• Optional mypyc compilation upgraded to version 1.15 for Python >= 3.9

Version 3.4.1

🚀 We're still raising awareness around HTTP/2, and HTTP/3!

Did you know that Internet Explorer 11 shipped with an optional HTTP/2 support back in 2013? also libcurl did ship it in 2014[...] Using Requests today is the rough equivalent of using EOL Windows 8! We promptly invite Python developers to look at the first drop-in replacement for Requests, namely Niquests. Ship with native WebSocket, SSE, Happy Eyeballs, DNS over HTTPS, and so on[...] All of this while remaining compatible with all Requests prior plug-ins / add-ons.

... (truncated)

Changelog

Sourced from charset-normalizer's changelog.

3.4.4 (2025-10-13)

Changed

• Bound setuptools to a specific constraint setuptools>=68,<=81.
• Raised upper bound of mypyc for the optional pre-built extension to v1.18.2

Removed

• setuptools-scm as a build dependency.

Misc

• Enforced hashes in dev-requirements.txt and created ci-requirements.txt for security purposes.
• Additional pre-built wheels for riscv64, s390x, and armv7l architectures.
• Restore multiple.intoto.jsonl in GitHub releases in addition to individual attestation file per wheel.

3.4.3 (2025-08-09)

Changed

• mypy(c) is no longer a required dependency at build time if CHARSET_NORMALIZER_USE_MYPYC isn't set to 1. (#595) (#583)
• automatically lower confidence on small bytes samples that are not Unicode in detect output legacy function. (#391)

Added

• Custom build backend to overcome inability to mark mypy as an optional dependency in the build phase.
• Support for Python 3.14

Fixed

• sdist archive contained useless directories.
• automatically fallback on valid UTF-16 or UTF-32 even if the md says it's noisy. (#633)

Misc

• SBOM are automatically published to the relevant GitHub release to comply with regulatory changes. Each published wheel comes with its SBOM. We choose CycloneDX as the format.
• Prebuilt optimized wheel are no longer distributed by default for CPython 3.7 due to a change in cibuildwheel.

3.4.2 (2025-05-02)

Fixed

• Addressed the DeprecationWarning in our CLI regarding argparse.FileType by backporting the target class into the package. (#591)
• Improved the overall reliability of the detector with CJK Ideographs. (#605) (#587)

Changed

• Optional mypyc compilation upgraded to version 1.15 for Python >= 3.8

3.4.1 (2024-12-24)

Changed

• Project metadata are now stored using pyproject.toml instead of setup.cfg using setuptools as the build backend.
• Enforce annotation delayed loading for a simpler and consistent types in the project.
• Optional mypyc compilation upgraded to version 1.14 for Python >= 3.8

Added

... (truncated)

Commits

• b30ffdc 🔧 fix checksum step in cd.yml
• d3fbfcf 🔧 fix cd.yml
• dafbb95 Release 3.4.4 (#658)
• 1f18ffa ⬆️ raise mypy upper bound to 1.18.2
• ef4ac69 Merge branch 'release-3.4.4' of github.com:jawah/charset_normalizer into rele...
• 4b35dda 📝 write changelog for 3.4.4
• 0ec6452 🔧 update cd.yml workflow (add riscv64, s390x and armv7l)
• f341ede ⬆️ upgrade dependencies (dev, ci)
• a308841 📝 write changelog for 3.4.4
• 9c906da 🔧 update cd.yml workflow (add riscv64, s390x and armv7l)
• Additional commits viewable in compare view

Updates idna from 3.10 to 3.11

Changelog

Sourced from idna's changelog.

3.11 (2025-10-12)

• Update to Unicode 16.0.0, including significant changes to UTS46 processing. As a result of Unicode ending support for it, transitional processing no longer has an effect and returns the same result.
• Add support for Python 3.14, lowest supported version is Python 3.8.
• Various updates to packaging, including PEP 740 support.

Commits

• ad949ee Release v3.11
• cae4ba7 Second release candidate for 3.11
• 8adb305 Add space in RST link
• 74cb2b6 Release candidate for 3.11
• 05dab09 Format idna-data with ruff
• 90eac78 Apply ruff formatting
• a31ce7e Remove errant test vectors
• 81f0333 Omit vectors known to be broken in test suite
• a0f3257 Merge branch 'master' into unicode-16-uts46-changes
• 38d9886 Remove extra UTS46 test vector
• Additional commits viewable in compare view

Updates iniconfig from 2.0.0 to 2.3.0

Release notes

Sourced from iniconfig's releases.

Version 2.3.0

What's Changed

• Add IniConfig.parse() with inline comment stripping and Unicode whitespace handling by @​RonnyPfannschmidt in pytest-dev/iniconfig#70

Full Changelog: pytest-dev/iniconfig@v2.2.0...v2.3.0

Version 2.2.0

No release notes provided.

v2.1.0

What's Changed

• fix #26 - list individuals in license file by @​RonnyPfannschmidt in pytest-dev/iniconfig#52
• Run tests in CI by @​nicoddemus in pytest-dev/iniconfig#53
• Use pypa/gh-action-pypi-publish@release/v1 @ GHA by @​webknjaz in pytest-dev/iniconfig#54
• Add support for Python 3.12-3.13 and drop EOL 3.7 by @​hugovk in pytest-dev/iniconfig#56

New Contributors

• @​nicoddemus made their first contribution in pytest-dev/iniconfig#53
• @​webknjaz made their first contribution in pytest-dev/iniconfig#54

Full Changelog: pytest-dev/iniconfig@v2.0.0...v2.1.0

Changelog

Sourced from iniconfig's changelog.

2.3.0

• add IniConfig.parse() classmethod with strip_inline_comments parameter (fixes #55)
  • by default (strip_inline_comments=True), inline comments are properly stripped from values
  • set strip_inline_comments=False to preserve old behavior if needed
• IniConfig() constructor maintains backward compatibility (does not strip inline comments)
• users should migrate to IniConfig.parse() for correct comment handling
• add strip_section_whitespace parameter to IniConfig.parse() (regarding #4)
  • opt-in parameter to strip Unicode whitespace from section names
  • when True, strips Unicode whitespace (U+00A0, U+2000, U+3000, etc.) from section names
  • when False (default), preserves existing behavior for backward compatibility
• clarify Unicode whitespace handling (regarding #4)
  • since iniconfig 2.0.0 (Python 3 only), all strings are Unicode by default
  • Python 3's str.strip() has handled Unicode whitespace since Python 3.0 (2008)
  • iniconfig automatically benefits from this in all supported versions (Python >= 3.10)
  • key names and values have Unicode whitespace properly stripped using Python's built-in methods

2.2.0

• drop Python 3.8 and 3.9 support (now requires Python >= 3.10)
• add Python 3.14 classifier
• migrate from hatchling to setuptools 77 with setuptools_scm
• adopt PEP 639 license specifiers and PEP 740 build attestations
• migrate from black + pyupgrade to ruff
• migrate CI to uv and unified test workflow
• automate GitHub releases and PyPI publishing via Trusted Publishing
• include tests in sdist
• modernize code for Python 3.10+ (remove future annotations, TYPE_CHECKING guards)
• rename _ParsedLine to ParsedLine

2.1.0

• fix artifact building - pin minimal version of hatch
• drop eol python 3.8
• add python 3.12 and 3.13

Commits

• 7faed13 Merge pull request #70 from RonnyPfannschmidt/comments
• 58c0869 Refactor: Simplify IniConfig constructor and parse() method
• 6d0af45 Add strip_section_whitespace parameter to address issue #4
• e2d89f5 Add IniConfig.parse() classmethod to fix inline comment handling
• 57b7ed9 Merge pull request #66 from killiandesse/pep639
• 27ac49f Merge pull request #69 from RonnyPfannschmidt/limit-attestation
• 3402322 Disable build attestations for PRs from forks
• 27e6a7b Merge branch 'main' into pep639
• 6522881 Merge pull request #68 from pytest-dev/fix-build
• 8b2bccb Update CHANGELOG and automate releases
• Additional commits viewable in compare view

Updates packaging from 24.2 to 25.0

Release notes

Sourced from packaging's releases.

25.0

What's Changed

• Re-add a test for Unicode file name parsing by @​Siddhesh-...

  Description has been truncated

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.