Bump the all-dependencies group across 1 directory with 21 updates

[dependabot]

Bumps the all-dependencies group with 21 updates in the /api directory:

Package	From	To
boto3	1.42.39	1.42.81
botocore	1.42.39	1.42.81
certifi	2026.1.4	2026.2.25
charset-normalizer	3.4.4	3.4.6
greenlet	3.3.1	3.3.2
importlib-metadata	8.7.1	9.0.0
pydantic-core	2.41.5	2.45.0
pytz	2025.2	2026.1.post1
requests	2.33.0	2.33.1
sqlalchemy	2.0.46	2.0.48
werkzeug	3.1.6	3.1.7
coverage	7.13.2	7.13.5
tox	4.34.1	4.52.0
pip	26.0	26.0.1
pip-tools	7.5.2	7.5.3
cachetools	6.2.6	7.0.5
chardet	5.2.0	7.4.0.post2
filelock	3.20.3	3.25.2
identify	2.6.16	2.6.18
platformdirs	4.5.1	4.9.4
virtualenv	20.36.1	21.2.0

Updates boto3 from 1.42.39 to 1.42.81

Commits

• a70b9fd Merge branch 'release-1.42.81'
• e65b71f Bumping version to 1.42.81
• 087a4f3 Add changelog entries from botocore
• 0553641 Add the GitHub CI script for pull request build (#4748)
• d66479d Merge branch 'release-1.42.80'
• d4e6d42 Merge branch 'release-1.42.80' into develop
• e930bfc Bumping version to 1.42.80
• 2596b71 Add changelog entries from botocore
• 617e6fb Bump github/codeql-action from 4.34.1 to 4.35.1 (#4746)
• 9c5880d Bump pygments from 2.18.0 to 2.20.0 (#4747)
• Additional commits viewable in compare view

Updates botocore from 1.42.39 to 1.42.81

Commits

• 56a6ef8 Merge branch 'release-1.42.81'
• b75a7e0 Bumping version to 1.42.81
• 1bda363 Update to latest models
• 080f45a Merge branch 'release-1.42.80'
• 8f5a56f Merge branch 'release-1.42.80' into develop
• c345813 Bumping version to 1.42.80
• 1e4bce7 Update to latest models
• f613dbd Merge customizations for Pinpoint SMS Voice V2
• c824e02 Bump pygments from 2.18.0 to 2.20.0 (#3661)
• 99ac865 Merge branch 'release-1.42.79'
• Additional commits viewable in compare view

Updates certifi from 2026.1.4 to 2026.2.25

Commits

• 8571a4b 2026.02.25 (#395)
• 6f7de00 Bump peter-evans/create-pull-request from 8.0.0 to 8.1.0 (#390)
• a1de59b Bump actions/checkout from 6.0.1 to 6.0.2 (#391)
• 7f5ade5 Bump actions/setup-python from 6.1.0 to 6.2.0 (#392)
• See full diff in compare view

Updates charset-normalizer from 3.4.4 to 3.4.6

Release notes

Sourced from charset-normalizer's releases.

Version 3.4.6

3.4.6 (2026-03-15)

Changed

• Flattened the logic in charset_normalizer.md for higher performance. Removed eligible(..) and feed(...) in favor of feed_info(...).
• Raised upper bound for mypy[c] to 1.20, for our optimized version.
• Updated UNICODE_RANGES_COMBINED using Unicode blocks v17.

Fixed

• Edge case where noise difference between two candidates can be almost insignificant. (#672)
• CLI --normalize writing to wrong path when passing multiple files in. (#702)

Misc

• Freethreaded pre-built wheels now shipped in PyPI starting with 3.14t. (#616)

Version 3.4.5

3.4.5 (2026-03-06)

Changed

• Update setuptools constraint to setuptools>=68,<=82.
• Raised upper bound of mypyc for the optional pre-built extension to v1.19.1

Fixed

• Add explicit link to lib math in our optimized build. (#692)
• Logger level not restored correctly for empty byte sequences. (#701)
• TypeError when passing bytearray to from_bytes. (#703)

Misc

• Applied safe micro-optimizations in both our noise detector and language detector.
• Rewrote the query_yes_no function (inside CLI) to avoid using ambiguous licensed code.
• Added cd.py submodule into mypyc optional compilation to reduce further the performance impact.

[!WARNING]
mypyc changed the usual binary output for the optimized wheel. Beware, especially if using PyInstaller or alike. See jawah/charset_normalizer#714

Changelog

Sourced from charset-normalizer's changelog.

3.4.6 (2026-03-15)

Changed

• Flattened the logic in charset_normalizer.md for higher performance. Removed eligible(..) and feed(...) in favor of feed_info(...).
• Raised upper bound for mypy[c] to 1.20, for our optimized version.
• Updated UNICODE_RANGES_COMBINED using Unicode blocks v17.

Fixed

• Edge case where noise difference between two candidates can be almost insignificant. (#672)
• CLI --normalize writing to wrong path when passing multiple files in. (#702)

Misc

• Freethreaded pre-built wheels now shipped in PyPI starting with 3.14t. (#616)

3.4.5 (2026-03-06)

Changed

• Update setuptools constraint to setuptools>=68,<=82.
• Raised upper bound of mypyc for the optional pre-built extension to v1.19.1

Fixed

• Add explicit link to lib math in our optimized build. (#692)
• Logger level not restored correctly for empty byte sequences. (#701)
• TypeError when passing bytearray to from_bytes. (#703)

Misc

• Applied safe micro-optimizations in both our noise detector and language detector.
• Rewrote the query_yes_no function (inside CLI) to avoid using ambiguous licensed code.
• Added cd.py submodule into mypyc optional compilation to reduce further the performance impact.

Commits

• 5478b84 Merge pull request #715 from jawah/release-3.4.6
• 5c0a09e ✔️ add confidence for threading usage, mostly due to lru_cach...
• ef826b2 📝 update changelog
• 5564f1a 📝 update docs accordingly
• 0f2cf7d 📝 update changelog
• 54a1894 🐛 fix --normalize writing to wrong path with multiple files
• 2177e28 📝 update changelog
• b2497a5 🐛 edge case where noise difference between two candidates can be almost i...
• 13a5d0b 🔧 upgrade ci requirements
• b9ffbd4 🔧 enable 3.14t nox mypyc session
• Additional commits viewable in compare view

Updates greenlet from 3.3.1 to 3.3.2

Changelog

Sourced from greenlet's changelog.

3.3.2 (2026-02-20)

• Fix a crash on Python 3.10 if there are active greenlets during interpreter shutdown. See PR 495 <https://github.com/python-greenlet/greenlet/pull/495>_ by Nicolas Bouvrette.

Commits

• a62f331 Preparing release 3.3.2
• c73a2c6 Pull in change note for 3.2.5
• 4eb47c8 test_untracked_memory_doesnt_increase_unfinished_thread_dealloc_in_main: A ch...
• 53ac405 Add change note for #495
• d5b8515 Merge pull request #495 from nbouvrette/fix/safe-finalization-py310
• e0625d7 Merge pull request #494 from daniel7an/fix/issue-492-spdx-license
• 292e126 Fix SIGSEGV/SIGABRT during interpreter shutdown on Python < 3.11
• 77e65f0 Fix SPDX license identifier: Python-2.0 → PSF-2.0
• d4606ef leak tests: do a better job skipping if uss isn't available. Fixes #485
• 74a11b8 Back to development: 3.3.2
• See full diff in compare view

Updates importlib-metadata from 8.7.1 to 9.0.0

Changelog

Sourced from importlib-metadata's changelog.

v9.0.0

Deprecations and Removals

• Added MetadataNotFound (subclass of FileNotFoundError) and updated Distribution.metadata/metadata() to raise it when the metadata files are missing instead of returning Nonepython/cpython#143387#532)

v8.9.0

Features

• python/cpython#110937python/cpython#140141, python/cpython#143658)

v8.8.0

Features

• Removed Python 3.9 compatibility.

Commits

• a9f883f Finalize
• 9b0dfdf Raise an exception when no metadata file is found (#532)
• 0f2229c Merge branch 'main' into feature/no-metadata-exception
• 2f4088e Remove news fragments about internal details.
• 0ac2720 Add news fragment.
• a5c2154 Finalize
• e66e226 Drop support for EOL Python 3.9 (#530)
• 6027933 Add news fragment.
• b89388a Import os_helper directly.
• 2dcb761 Add uniform exclusions for test.support.
• Additional commits viewable in compare view

Updates pydantic-core from 2.41.5 to 2.45.0

Commits

• See full diff in compare view

Updates pytz from 2025.2 to 2026.1.post1

Commits

• 02509d0 Update test runners for new Pythons and github actions
• 43c1cb2 Bump version number to 2026.1.post1
• 6ee7e56 Try to access resource using importlib.resources
• 95fe75d Bump version number to 2026.1 (2026a)
• 7034275 Updates for upstream directory layout changes
• 4dd79d3 IANA 2026a
• 08d7e76 Squashed 'tz/' changes from 7e1145bfdb..e23c045f8f
• b07d947 try to access resource using importlib.resources
• See full diff in compare view

Updates requests from 2.33.0 to 2.33.1

Release notes

Sourced from requests's releases.

v2.33.1

2.33.1 (2026-03-30)

Bugfixes

• Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. (#7305)
• Fixed Content-Type header parsing for malformed values. (#7309)
• Improved error consistency for malformed header values. (#7308)

New Contributors

• @​ferdnyc made their first contribution in psf/requests#7277

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2331-2026-03-30

Changelog

Sourced from requests's changelog.

2.33.1 (2026-03-30)

Bugfixes

• Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. (#7305)
• Fixed Content-Type header parsing for malformed values. (#7309)
• Improved error consistency for malformed header values. (#7308)

Commits

• 111d2b7 v2.33.1
• f0198e6 Fix malformed value parsing for Content-Type (#7309)
• bc7dd0f Fix cosmetic header validity parsing regex (#7308)
• 4443b1a Fix unintended test extra (#7306)
• 389eea5 Cleanup extracted file after extract_zipped_path test (#7305)
• 7407309 Packaging: DRY out extras definition (#7277)
• See full diff in compare view

Updates sqlalchemy from 2.0.46 to 2.0.48

Release notes

Sourced from sqlalchemy's releases.

2.0.48

Released: March 2, 2026

engine

• [engine] [bug] Fixed a critical issue in Engine where connections created in conjunction with the DialectEvents.do_connect() event listeners would receive shared, mutable collections for the connection arguments, leading to a variety of potential issues including unlimited growth of the argument list as well as elements within the parameter dictionary being shared among concurrent connection calls. In particular this could impact do_connect routines making use of complex mutable authentication structures.

  References: #13144

2.0.47

Released: February 24, 2026

orm

• [orm] [bug] Fixed issue when using ORM mappings with Python 3.14's PEP 649 feature that no longer requires "future annotations", where the ORM's introspection of the __init__ method of mapped classes would fail if non-present identifiers in annotations were present. The vendored getfullargspec() method has been amended to use Format.FORWARDREF under Python 3.14 to prevent resolution of names that aren't present.

  References: #13104

engine

• [engine] [usecase] The connection object returned by _engine.Engine.raw_connection() now supports the context manager protocol, automatically returning the connection to the pool when exiting the context.

  References: #13116

postgresql

• [postgresql] [bug] Fixed an issue in the PostgreSQL dialect where foreign key constraint reflection would incorrectly swap or fail to capture onupdate and ondelete values when these clauses appeared in a different order than expected in the constraint definition. This issue primarily affected

... (truncated)

Commits

• See full diff in compare view

Updates werkzeug from 3.1.6 to 3.1.7

Release notes

Sourced from werkzeug's releases.

3.1.7

This is the Werkzeug 3.1.7 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Werkzeug/3.1.7/ Changes: https://werkzeug.palletsprojects.com/page/changes/#version-3-1-7 Milestone: https://github.com/pallets/werkzeug/milestone/44?closed=1

• parse_list_header preserves partially quoted items, discards empty items, and returns empty for unclosed quoted values. #3128
• WWWAuthenticate.to_header does not produce a trailing space when there are no parameters. #3127
• Transfer-Encoding is parsed as a set. #3134
• Request.host, get_host, and host_is_trusted validate the characters of the value. An empty value is no longer allowed. A Unix socket server address is ignored. The trusted_list argument to host_is_trusted is optional. #3113
• Fix multipart form parser handling of newline at boundary. #3088
• Response.make_conditional sets the Accept-Ranges header even if it is not a satisfiable range request. #3108
• merge_slashes merges any number of consecutive slashes. #3121

Changelog

Sourced from werkzeug's changelog.

Version 3.1.7

Released 2026-03-23

• parse_list_header preserves partially quoted items, discards empty items, and returns empty for unclosed quoted values. :pr:3128
• WWWAuthenticate.to_header does not produce a trailing space when there are no parameters. :issue:3127
• Transfer-Encoding is parsed as a set. :pr:3134
• Request.host, get_host, and host_is_trusted validate the characters of the value. An empty value is no longer allowed. A Unix socket server address is ignored. The trusted_list argument to host_is_trusted is optional. :pr:3113
• Fix multipart form parser handling of newline at boundary. :issue:3088
• Response.make_conditional sets the Accept-Ranges header even if it is not a satisfiable range request. :issue:3108
• merge_slashes merges any number of consecutive slashes. :issue:3121

Commits

• 005d93b release version 3.1.7
• c328342 merge any number of slashes (#3136)
• 23142a3 merge any number of slashes
• b913d68 always set accept-ranges header
• f282943 Correct 1049dd6b2a363e1ef302b4161c340fb8582f627a
• d3d3df5 validate host characters
• 2c6a3a5 parse transfer-encoding as set (#3134)
• 63261cd parse transfer-encoding as set
• dafe7f1 fix trailing whitespace in WWW-Authenticate bearer (#3129)
• 051fd66 fix trailing whitespace in WWW-Authenticate bearer
• Additional commits viewable in compare view

Updates coverage from 7.13.2 to 7.13.5

Changelog

Sourced from coverage's changelog.

Version 7.13.5 — 2026-03-17

• Fix: issue 2138_ describes a memory leak that happened when repeatedly using the Coverage API with in-memory data. This is now fixed.

• Fix: the markdown-formatted coverage report didn't fully escape special characters in file paths (issue 2141). This would be very unlikely to cause a problem, but now it's done properly, thanks to Ellie Ayla <pull 2142_>.

• Fix: the C extension wouldn't build on VS2019, but now it does (issue 2145_).

.. _issue 2138: coveragepy/coveragepy#2138 .. _issue 2141: coveragepy/coveragepy#2141 .. _pull 2142: coveragepy/coveragepy#2142 .. _issue 2145: coveragepy/coveragepy#2145

.. _changes_7-13-4:

Version 7.13.4 — 2026-02-09

• Fix: the third-party code fix in 7.13.3 required examining the parent directories where coverage was run. In the unusual situation that one of the parent directories is unreadable, a PermissionError would occur, as described in issue 2129_. This is now fixed.

• Fix: in test suites that change sys.path, coverage.py could fail with "RuntimeError: Set changed size during iteration" as described and fixed in pull 2130_. Thanks, Noah Fatsi.

• We now publish ppc64le wheels, thanks to Pankhudi Jain <pull 2121_>_.

.. _pull 2121: coveragepy/coveragepy#2121 .. _issue 2129: coveragepy/coveragepy#2129 .. _pull 2130: coveragepy/coveragepy#2130

.. _changes_7-13-3:

Version 7.13.3 — 2026-02-03

• Fix: in some situations, third-party code was measured when it shouldn't have been, slowing down test execution. This happened with layered virtual environments such as uv sometimes makes. The problem is fixed, closing issue 2082_. Now any directory on sys.path that is inside a virtualenv is considered third-party code.

... (truncated)

Commits

• c88da14 docs: sample HTML for 7.13.5
• e2ac3e1 build: sample HTML shouldn't include the status.json file
• 910f8f3 docs: prep for 7.13.5
• 3a4819c style: make workflows more uniform
• 2a53705 chore: bump the action-dependencies group across 1 directory with 4 updates (...
• e7c878d chore: make upgrade
• ab4db40 build: use --generate-hashes when pinning
• a438753 chore: make upgrade
• 7b33457 refactor: some leftover pyupgrade 3.10 bits
• 2ff968d refactor: this type wasn't used anywhere
• Additional commits viewable in compare view

Updates tox from 4.34.1 to 4.52.0

Release notes

Sourced from tox's releases.

v4.52.0

What's Changed

• remove unsupported --remote flag from gh repo fork by @​rahuldevikar in tox-dev/tox#3908
• ✨ feat(config): support escaped dots in -x override keys by @​gaborbernat in tox-dev/tox#3910
• 🐛 fix(docs): auto-generate manpage from CLI parser by @​gaborbernat in tox-dev/tox#3911
• ✨ feat(runner): add PEP 723 inline script metadata support by @​gaborbernat in tox-dev/tox#3912

Full Changelog: tox-dev/tox@4.51.0...4.52.0

v4.51.0

What's Changed

• 🔒 ci(workflows): add zizmor security auditing by @​gaborbernat in tox-dev/tox#3896
• Add base_python_file config option by @​rahuldevikar in tox-dev/tox#3899
• prevent machine ISA from overriding explicit env factors by @​rahuldevikar in tox-dev/tox#3904
• 🐛 fix(config): fix handling of env_list in nested contexts by @​Daverball in tox-dev/tox#3905
• fix: enable persist-credentials for release workflow by @​rahuldevikar in tox-dev/tox#3907

New Contributors

• @​Daverball made their first contribution in tox-dev/tox#3905

Full Changelog: tox-dev/tox@4.50.3...4.51.0

v4.50.3

What's Changed

• 🐛 fix(pkg): distinguish free-threaded Python in wheel build env by @​gaborbernat in tox-dev/tox#3891

Full Changelog: tox-dev/tox@4.50.2...4.50.3

v4.50.2

What's Changed

• fix(sdist): include docs/man/tox.1.rst by @​branchv in tox-dev/tox#3890

New Contributors

• @​branchv made their first contribution in tox-dev/tox#3890

Full Changelog: tox-dev/tox@4.50.1...4.50.2

v4.50.1

... (truncated)

Changelog

Sourced from tox's changelog.

Features - 4.52.0

• Add virtualenv-pep-723 runner that reads dependencies and Python version from :PEP:723 inline script metadata — no need to duplicate them in tox config - by :user:gaborbernat. (:issue:3897)
• Support escaped dots (\.) in -x/--override keys, allowing overrides to target environments with dots in their names such as py3.14 - by :user:gaborbernat. (:issue:3910)

Bug fixes - 4.52.0

• Auto-generate the manpage from the CLI argparse parser at wheel build time, fixing broken section headers and documenting all commands and options - by :user:gaborbernat. (:issue:3878)

Miscellaneous internal changes - 4.52.0

• Remove unsupported --remote flag from gh repo fork in the update-schemastore workflow, as recent versions of gh no longer accept it - by :user:rahuldevikar. (:issue:3908)

---

v4.51.0 (2026-03-27)

---

Features - 4.51.0

• Add base_python_file configuration option to read the base Python version from a file (e.g. .python-version), similar to GitHub Actions' python-version-file - by :user:rahuldevikar (:issue:3894)

Bug fixes - 4.51.0

• Prevent implicit machine ISA (e.g. arm64, x86_64) from overriding explicit architecture factors in environment names, fixing cross-architecture conflicts in multiline factor conditionals - by :user:rahuldevikar. (:issue:3903)
• Nested environment list configuration values are now properly parsed, validated and expanded by the TOML parser. This allows you to use generative environment lists in tox-gh via the TOML format. Previously this was only possible with the INI format. - by :user:Daverball (:issue:3905)

Miscellaneous internal changes - 4.51.0

• Enable persist-credentials: true in the actions/checkout step of the prepare-release workflow so that git push operations succeed during automated releases - by :user:rahuldevikar. (:issue:3907)

---

v4.50.3 (2026-03-20)

---

Bug fixes - 4.50.3

... (truncated)

Commits

• d83d577 release 4.52.0
• da0f890 ✨ feat(runner): add PEP 723 inline script metadata support (#3912)
• b232d2d 🐛 fix(docs): auto-generate manpage from CLI parser (#3911)
• 84958f7 [pre-commit.ci] pre-commit autoupdate (#3909)
• 15d9ac0 ✨ feat(config): support escaped dots in -x override keys (#3910)
• 0eda3a2 remove unsupported --remote flag from gh repo fork (#3908)
• 5f1ec1a release 4.51.0
• b5f9b13 fix: enable persist-credentials for release workflow (#3907)
• 8c9c199 🐛 fix(config): fix handling of env_list in nested contexts (#3905)
• 451aa9c prevent machine ISA from overriding explicit env factors (#3904)
• Additional commits viewable in compare view

Updates pip from 26.0 to 26.0.1

Changelog

Sourced from pip's changelog.

26.0.1 (2026-02-04)

Bug Fixes

• Fix --pre not being respected from the command line when a requirement file includes an option e.g. -extra-index-url. ([#13788](https://github.com/pypa/pip/issues/13788) <https://github.com/pypa/pip/issues/13788>_)

Commits

• 5fe4ea4 Bump for release
• bea3cbe windows fix tests
• ed22252 News Entry
• af13274 Match release control behavior to the same as format control behavior
• See full diff in compare view

Updates pip-tools from 7.5.2 to 7.5.3

Release notes

Sourced from pip-tools's releases.

v7.5.3

2026-02-11

Bug fixes

• The option --unsafe-package is now normalized -- by @​shifqu.

  PRs and issues: #2150

• Fixed a bug in which pip-compile lost any index URL options when looking up hashes -- by @​sirosen.

  This caused errors when a package was only available from an extra index, and caused pip-compile to incorrectly drop index URL options from output, even when they were present in the input requirements.

  PRs and issues: #2220, #2294, #2305

• Fixed removal of temporary files used when reading requirements from stdin -- by @​sirosen.

Features

• pip-tools is now tested against Python 3.14 and 3.14t in CI, and marks them as supported in the core packaging metadata -- by @​webknjaz.

  PRs and issues: #2255

• pip-tools is now compatible with pip 26.0 -- by @​sirosen.

  PRs and issues: #2319, #2320

Removals and backward incompatible breaking changes

• Removed support for Python 3.8 -- by @​sirosen.

Improved documentation

• The change log management infra now allows the maintainers to add notes before and after the regular categories -- by @​webknjaz.

  PRs and issues: #2287, #2322

• Added documentation clarifying that pip-compile reads the existing output file as a constraint source, and how to use --upgrade to refresh dependencies -- by @​maliktafheem.

  PRs and issues: #2307

... (truncated)

Changelog

Sourced from pip-tools's changelog.

v7.5.3

2026-02-09

Bug fixes

• The option --unsafe-package is now normalized -- by {user}shifqu.

  PRs and issues: {issue}2150

• Fixed a bug in which pip-compile lost any index URL options when looking up hashes -- by {user}sirosen.

  This caused errors when a package was only available from an extra index, and caused pip-compile to incorrectly drop index URL options from output, even when they were present in the input requirements.

  PRs and issues: {issue}2220, {issue}2294, {issue}2305

• Fixed removal of temporary files used when reading requirements from stdin -- by {user}sirosen.

Features

• pip-tools is now tested against Python 3.14 and 3.14t in CI, and marks them as supported in the core packaging metadata -- by {user}webknjaz.

  PRs and issues: {issue}2255

• pip-tools is now compatible with pip 26.0 -- by {user}sirosen.

  PRs and issues: {issue}2319, {issue}2320

Removals and backward incompatible breaking changes

• Removed support for Python 3.8 -- by {user}sirosen.

Improved documentation

• The change log management infra now allows the maintainers to add notes before and after the regular categories -- by {user}webknjaz.

  PRs and issues: {issue}2287, {issue}2322

• Added documentation clarifying that pip-compile reads the existing output file as a constraint source, and how to use --upgrade to refresh dependencies -- by {user}maliktafheem.

  PRs and issues: {issue}2307

... (truncated)

Commits

• 5f31d8a Merge pull request #2332 from sirosen/fix-release-version-normalization
• 106f1d6 Fix CI workflow to normalize versions (for release)
• 3a0f5ed Merge pull request #2329 from sirosen/release/v7.5.3
• e4bd31d Merge pull request #2328 from jazzband/pre-commit-ci-update-config
• 08107ab Update changelog for version 7.5.3
• 5b4d130 Merge pull request #2325 from sirosen/ensure-tmpfile-cleanup
• cc6a2b9 Apply feedback/suggestions from review
• fc53265 [pre-commit.ci] pre-commit autoupdate
• 6c27507 Add 'tempfile_compat' to handle windows tmp files
• 9ac94db Fix leak of temp files when reading from stdin
• Additional commits viewable in compare view

Updates cachetools from 6.2.6 to 7.0.5

Changelog

Sourced from cachetools's changelog.

v7.0.5 (2026-03-09)

• Minor @cachedmethod performance improvements.

v7.0.4 (2026-03-08)

• Fix and properly document @cachedmethod.cache_key behavior.

• Minor documentation improvements.

v7.0.3 (2026-03-05)

• Fix DeprecationWarning when creating an autospec mock with @cachedmethod decorations.

v7.0.2 (2026-03-02)

• Provide more efficient clear() implementation for all support Cache classes (courtesy Josep Pon Farreny).

v7.0.1 (2026-02-10)

• Various test improvements.

• Update Copilot Instructions.

v7.0.0 (2026-02-01)

• Require Python 3.10 or later (breaking change).

• Drop support for passing info as fourth positional parameter to @cached (breaking change).

• Drop support for cache(self) returning None with @cachedmethod (breaking change).

• Convert the @cachedmethod wrappers to descriptors, deprecating its use with class methods and instances that do not provide a mutable __dict__ attribute (potentially breaking change).

... (truncated)

Commits

• 5dce86f Release v7.0.5.
• af5e688 Minor @​cachedmethod performance improvements.
• 0ca75e6 Relase v7.0.4.
• 5b1fa39 Prepare v7.0.4.
• 18e5930 Fix #218: Fix and properly document @​cachedmethod.cache_key handling.
• 98ec79f Drop "class method" from @​cachedmethod docstring.
• 93822a3 Release v7.0.3.
• 57d2e48 Fix #387: Handle obj=None case for inspection in _DescriptorBase.
• 8011b71 Release v7.0.2.
• 73d1602 Minor cleanups.
• Additional commits viewable in compare view

Updates chardet from 5.2.0 to 7.4.0.post2

Release notes

Sourced from chardet's releases.

chardet 7.4.0 brings accuracy up to 99.3% (from 98.6% in 7.3.0) and significantly faster cold start thanks to a new dense model format.

What's New

Performance:

• New dense zlib-compressed model format (v2) drops cold start (import + first detect) from ~75ms to ~13ms with mypyc

Accuracy (98.6% → 99.3%):

• Eliminated train/test data overlap via content fingerprinting
• Added MADLAD-400 and Wikipedia as supplemental training sources
• Improved non-ASCII bigram scoring: high-byte bigrams are now preserved during training and weighted by per-bigram IDF
• Encoding-aware substitution filtering (substitutions only apply for characters the target encoding can't represent)
• Increased training samples from 15K to 25K per language/encoding pair

Bug fixes:

• Added dedicated structural analyzers for CP932, CP949, and Big5-HKSCS (these were previously sharing their base encoding's byte-range analyzer, missing extended ranges)

Metrics

	chardet 7.4.0 (mypyc)	chardet 6.0.0	charset-normalizer 3.4.6
Accuracy (2,517 files)	99.3%	88.2%	85.4%
Speed	551 files/s	12 files/s	376 files/s
Language detection	95.7%	40.0%	59.2%

Full changelog: https://chardet.readthedocs.io/en/latest/changelog.html

7.3.0

License

• 0BSD license — the project license has been changed from MIT to 0BSD, a maximally permissive license with no attribution requirement. All prior 7.x releases should also be considered 0BSD licensed as of this release.

Features

• Added mime_type field to detection results — identifies file types for both binary (via magic number matching) and text content. Returned in all detect(), detect_all(), and UniversalDetector results. (#350)
• New pipeline/magic.py module detects 40+ binary file formats including images, audio/video, archives, documents, executables, and fonts. ZIP-based formats (XLSX, DOCX, JAR, APK, EPUB, wheel, OpenDocument) are distinguished by entry filenames. (#350)

Bug Fixes

• Fixed incorrect equivalence between UTF-16-LE and UTF-16-BE in accuracy testing — these are distinct encodings with different byte order, not interchangeable

Performance

• Added 4 new modules to mypyc compilation (orchestrator, confusion, magic, ascii), bringing the total to 11 compiled modules
• Capped statistical scoring at 16 KB — bigram models converge quickly, so large files no longer score the full 200 KB. Worst-case detection time dropped from 62ms to 26ms with no accuracy loss.
• Replaced dataclasses.replace() with direct DetectionResult construction on hot paths, eliminating ~354k function calls per full test suite run

Build

... (truncated)

Changelog

Sourced from chardet's changelog.

Changelog

.. note::

Entries marked "via Claude" were developed with Claude Code <https://claude.ai/code>_. Dan directed the design, reviewed all output, and takes responsibility for the result. Unmarked entries by Dan were written without AI assistance.

7.4.0 (2026-03-26)

Performance:

• Switched to dense zlib-compressed model format (v2): models are now stored as contiguous memoryview slices of a single decompressed blob, eliminating per-model struct.unpack overhead. Cold start (import + first detect) dropped from ~75ms to ~13ms with mypyc. (Dan Blanchard <https://git...

  Description has been truncated