Skip to content

build(deps): Bump the python-deps group with 8 updates#36

Closed
dependabot[bot] wants to merge 1 commit into
devfrom
dependabot/uv/python-deps-8c3a4ce016
Closed

build(deps): Bump the python-deps group with 8 updates#36
dependabot[bot] wants to merge 1 commit into
devfrom
dependabot/uv/python-deps-8c3a4ce016

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 23, 2026

Copy link
Copy Markdown
Contributor

Bumps the python-deps group with 8 updates:

Package From To
pydantic-settings 2.14.1 2.14.2
synchronicity 0.12.3 0.12.5
commitizen 4.16.3 4.16.4
complexipy 5.6.0 5.6.1
mkdocstrings-python 2.0.4 2.0.5
pytest 9.0.3 9.1.1
ruff 0.15.16 0.15.18
zensical 0.0.45 0.0.46

Updates pydantic-settings from 2.14.1 to 2.14.2

Release notes

Sourced from pydantic-settings's releases.

v2.14.2

What's Changed

This is a security patch release.

Security

Fixes GHSA-4xgf-cpjx-pc3j: NestedSecretsSettingsSource with secrets_nested_subdir=True could follow a symbolic link inside secrets_dir pointing outside it, reading out-of-tree files into settings values and bypassing the secrets_dir_max_size cap. Affected versions: >= 2.12.0, < 2.14.2.

Full Changelog: pydantic/pydantic-settings@v2.14.1...v2.14.2

Commits

Updates synchronicity from 0.12.3 to 0.12.5

Release notes

Sourced from synchronicity's releases.

Release v0.12.5

What's Changed

New Contributors

Full Changelog: modal-labs/synchronicity@v0.12.4...v0.12.5

Release v0.12.4

  • Fix stub generation for classes that base typing.TypedDict (#275)
Commits

Updates commitizen from 4.16.3 to 4.16.4

Release notes

Sourced from commitizen's releases.

v4.16.4 (2026-06-22)

Fix

  • providers/cargo: don't crash on workspace member with fixed version
Commits
  • 205e71c bump: version 4.16.3 → 4.16.4
  • 86b8361 fix(providers/cargo): don't crash on workspace member with fixed version
  • 4765a41 ci(deps): bump peter-evans/find-comment from 3 to 4 (#2020)
  • c85e41f docs(cli/screenshots): update CLI screenshots
  • 1bacc52 ci(deps): bump codecov/codecov-action from 6 to 7 (#2013)
  • 5ef5483 ci: make bump preview comment sticky (#2008)
  • 6cc7e74 ci(docspublish): make cli_interactive gif regeneration deterministic (#2009)
  • b37c9d7 docs(cli/screenshots): update CLI screenshots
  • 8fc9419 ci(deps): bump actions/checkout from 6 to 7 (#2016)
  • d024c22 docs(cli/screenshots): update CLI screenshots
  • See full diff in compare view

Updates complexipy from 5.6.0 to 5.6.1

Release notes

Sourced from complexipy's releases.

5.6.1

Patch release fixing a UTF-8 panic crash when a multi-byte character straddles the comment-marker extraction boundary, and removing the broken auto-release pipeline to prevent cascading failed releases.

Fixed

  • Fixed a panic in extract_comment_marker when a multi-byte UTF-8 character (e.g. em-dash, emoji, accented letters, CJK) straddles byte offset 16 of a comment, which previously aborted analysis of the entire directory. Replaced error-prone byte-slicing with regex-based matching. (#187)

Removed

  • Removed the unreliable release-plz.yml auto-release workflow and its supporting files (CHANGELOG.md, cliff.toml). The workflow had multiple critical failures (sed escaping bugs, unverified tags pushed to main, pipeline self-recursion). Manual releases via release.yml (tag → build → test → publish) are now the standard path. (#188)

PRs

Full Changelog: rohaquinlop/complexipy@5.6.0...5.6.1

Commits
  • 8b94695 Merge pull request #188 from rohaquinlop/remove-automatic-releases
  • acfa62a chore: sync Cargo.lock version to 5.6.1
  • b35f047 ci(release): remove broken auto-release pipeline
  • 8e14a3d chore: release v5.6.1
  • ce4e19a Merge pull request #187 from rohaquinlop/issue-186-panic-on-multi-byte-commen...
  • 1ced2a2 test(utils): add regression test for UTF-8 multi-byte comment panic
  • 8ed282e fix(utils): restore case-insensitive matching and add OnceLock for regex
  • 2aec409 fix(utils): prevent UTF-8 panic in comment marker extraction
  • 95ec26a chore: remove unused docs.yml reusable workflow
  • See full diff in compare view

Updates mkdocstrings-python from 2.0.4 to 2.0.5

Release notes

Sourced from mkdocstrings-python's releases.

2.0.5

2.0.5 - 2026-06-19

Compare with 2.0.4

Bug Fixes

  • Allow relative cross-references to work in summaries (abe2888 by Timothée Mazzucotelli). Issue-331
  • Always display attribute values as they're written in the source (0334131 by Timothée Mazzucotelli). Issue-311
Changelog

Sourced from mkdocstrings-python's changelog.

2.0.5 - 2026-06-19

Compare with 2.0.4

Bug Fixes

  • Allow relative cross-references to work in summaries (abe2888 by Timothée Mazzucotelli). Issue-331
  • Always display attribute values as they're written in the source (0334131 by Timothée Mazzucotelli). Issue-311
Commits
  • 1670ecb chore: Prepare release 2.0.5
  • abe2888 fix: Allow relative cross-references to work in summaries
  • 0334131 fix: Always display attribute values as they're written in the source
  • 39311c7 docs: Lint docs
  • 835a406 chore: Never fail type-checking (maintenance mode)
  • See full diff in compare view

Updates pytest from 9.0.3 to 9.1.1

Release notes

Sourced from pytest's releases.

9.1.1

pytest 9.1.1 (2026-06-19)

Bug fixes

  • #14220: Fixed a logic bug in pytest.RaisesGroup which would might cause it to display incorrect "It matches FooError() which was paired with BarError" messages.
  • #14591: Fixed a regression in pytest 9.1.0 which caused overriding a parametrized fixture with an indirect @​pytest.mark.parametrize to fail with "duplicate parametrization of '<fixture name>'".
  • #14606: Fixed list-item typing errors from mypy in @pytest.mark.parametrize <pytest.mark.parametrize ref> argvalues parameter.
  • #14608: Fixed a regression in pytest 9.1.0 where conftest.py files located in <invocation dir>/test* were no longer loaded as initial conftests when invoked without arguments. This could cause certain hooks (like pytest_addoption) in these files to not fire.

9.1.0

pytest 9.1.0 (2026-06-13)

Removals and backward incompatible breaking changes

  • #14533: When using --doctest-modules, autouse fixtures with module, package or session scope that are defined inline in Python test modules (not plugins or conftests) will now possibly execute twice.

    If this is undesirable, move the fixture definition to a conftest.py file if possible.

    Technical explanation for those interested: When using --doctest-modules, pytest possibly collects Python modules twice, once as pytest.Module and once as a DoctestModule (depending on the configuration). Due to improvements in pytest's fixture implementation, if e.g. the DoctestModule collects a fixture, it is now visible to it only, and not to the Module. This means that both need to register the fixtures independently.

Deprecations (removal in next major release)

  • #10819: Added a deprecation warning for class-scoped fixtures defined as instance methods (without @classmethod). Such fixtures set attributes on a different instance than the test methods use, leading to unexpected behavior. Use @classmethod decorator instead -- by yastcher.

    See 10819 and 14011.

  • #12882: Calling request.getfixturevalue() <pytest.FixtureRequest.getfixturevalue> during teardown to request a fixture that was not already requested is now deprecated and will become an error in pytest 10.

    See dynamic-fixture-request-during-teardown for details.

  • #13409: Using non-~collections.abc.Collection iterables (such as generators, iterators, or custom iterable objects) for the argvalues parameter in @pytest.mark.parametrize <pytest.mark.parametrize ref> and metafunc.parametrize <pytest.Metafunc.parametrize> is now deprecated.

    These iterables get exhausted after the first iteration, leading to tests getting unexpectedly skipped in cases such as running pytest.main() multiple times, using class-level parametrize decorators, or collecting tests multiple times.

    See parametrize-iterators for details and suggestions.

  • #13946: The private config.inicfg attribute is now deprecated. Use config.getini() <pytest.Config.getini> to access configuration values instead.

    See config-inicfg for more details.

  • #14004: Passing baseid to ~pytest.FixtureDef or nodeid strings to fixture registration APIs is now deprecated. These are internal pytest APIs that are used by some plugins.

... (truncated)

Commits
  • cf470ec Prepare release version 9.1.1
  • e0c8ce6 Merge pull request #14625 from pytest-dev/patchback/backports/9.1.x/a07c31a97...
  • 1b82d16 Merge pull request #14624 from pytest-dev/patchback/backports/9.1.x/b375b79ec...
  • 501c4bc Merge pull request #14596 from bluetech/doc-classmethod
  • b61f588 Merge pull request #14622 from chrisburr/fix-14608-initial-conftest-test-subdir
  • 9a567e0 [automated] Update plugin list (#14617) (#14618)
  • ef8b299 Merge pull request #14620 from pytest-dev/patchback/backports/9.1.x/680f9f3ed...
  • 66abd07 Merge pull request #14220 from bysiber/fix-stale-iexp-raisesgroup
  • 79fbf93 Merge pull request #14612 from pytest-dev/patchback/backports/9.1.x/974ed48b6...
  • 0d312eb Merge pull request #14611 from bluetech/parametrize-argvalues-typing
  • Additional commits viewable in compare view

Updates ruff from 0.15.16 to 0.15.18

Release notes

Sourced from ruff's releases.

0.15.18

Release Notes

Released on 2026-06-18.

Preview features

  • Handle nested ruff:ignore comments (#25791)
  • Stop displaying severity in output (#26050)
  • Use human-readable names in CLI output (#25937)
  • Use human-readable names in LSP and playground diagnostics (#26058)
  • [pydocstyle] Prevent property docstrings starting with verbs (D421) (#23775)
  • [flake8-pyi] Extend PYI033 to Python files (#26129)

Bug fixes

  • Detect equivalent numeric mapping keys (#26009)
  • Detect mapping keys equivalent to booleans (#25982)
  • Detect repeated signed and complex dictionary keys (#26007)

Rule changes

  • [flake8-pyi] Rename PYI033 to legacy-type-comment (#26131)

Performance

  • Use ThinVec for call keywords (#25999)
  • Inline parser recovery context checks (#26038)
  • Match parser keywords as bytes (#26037)
  • Move value parsing out of lexing (#25360)

Server

  • Render subdiagnostics and secondary annotations as related information (#26011)

Documentation

  • Update fix availability for always-fixable rules (#26091)
  • [flake8-tidy-imports] Add fix safety section (TID252) (#17491)

Parser

  • Reject __debug__ lambda parameters (#26022)
  • Reject _ as a match-pattern target (#25977)
  • Reject multiple starred names in sequence patterns (#25976)
  • Reject parenthesized star imports (#26021)
  • Reject starred comprehension targets (#26023)
  • Reject unparenthesized generator expressions in class bases (#25978)
  • Reject yield expressions after commas (#26024)
  • Validate function type parameter default order (#25981)

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.18

Released on 2026-06-18.

Preview features

  • Handle nested ruff:ignore comments (#25791)
  • Stop displaying severity in output (#26050)
  • Use human-readable names in CLI output (#25937)
  • Use human-readable names in LSP and playground diagnostics (#26058)
  • [pydocstyle] Prevent property docstrings starting with verbs (D421) (#23775)
  • [flake8-pyi] Extend PYI033 to Python files (#26129)

Bug fixes

  • Detect equivalent numeric mapping keys (#26009)
  • Detect mapping keys equivalent to booleans (#25982)
  • Detect repeated signed and complex dictionary keys (#26007)

Rule changes

  • [flake8-pyi] Rename PYI033 to legacy-type-comment (#26131)

Performance

  • Use ThinVec for call keywords (#25999)
  • Inline parser recovery context checks (#26038)
  • Match parser keywords as bytes (#26037)
  • Move value parsing out of lexing (#25360)

Server

  • Render subdiagnostics and secondary annotations as related information (#26011)

Documentation

  • Update fix availability for always-fixable rules (#26091)
  • [flake8-tidy-imports] Add fix safety section (TID252) (#17491)

Parser

  • Reject __debug__ lambda parameters (#26022)
  • Reject _ as a match-pattern target (#25977)
  • Reject multiple starred names in sequence patterns (#25976)
  • Reject parenthesized star imports (#26021)
  • Reject starred comprehension targets (#26023)
  • Reject unparenthesized generator expressions in class bases (#25978)
  • Reject yield expressions after commas (#26024)
  • Validate function type parameter default order (#25981)

... (truncated)

Commits

Updates zensical from 0.0.45 to 0.0.46

Release notes

Sourced from zensical's releases.

0.0.46

Summary

This version improves search result quality and includes several bug fixes and refactorings.

Search excerpts

Search results now include excerpts, making it easier to understand why a result matches. Search remains fully client-side and as fast as before, even for projects with thousands of pages. We still consider search an active area of iteration and expect to further improve it and expose more configuration options over time.

Try it in our documentation!

User interface

The user interface is updated to v0.0.19, which includes several navigation and interaction fixes. Search highlighting now ignores single-character tokens, which avoids noisy matches like highlighting every e for queries such as e-mail. Instant previews now include a hover bridge so moving the cursor from a link to the tooltip no longer drops the popup across the visual gap.

Dependencies were also updated, including TypeScript 6 and SVGO 4 compatibility adjustments. 83 new icons were added, 2 icons were removed, and 19 icons were modified. The Lucide icon set was updated to version v1.21.0.

Validation defaults

The validation options unresolved_references, unresolved_footnotes, unused_definitions, unused_footnotes, shadowed_definitions, and shadowed_footnotes are now disabled by default. These checks remain available when explicitly enabled, but they have proven too unstable in edge cases with the current reference parser. They will eventually be superseded by the higher-fidelity parser that is already used by Zensical Studio and is planned for Open Source release and later integration into Zensical.

Changelog

Bug fixes

  • aeb31ad ui – update ui to v0.0.19
  • 61b6d05 compat – preserve small tags in generated search index
  • edb0878 zensical – search path segment is empty when title is sourced from section index page
  • 909f973 compat – don't crash on invalid URLs in HTML (#755)
  • e6b55fe compat – strip images from toc labels (#749)
  • 0f11c7f – update pyo3 to 0.29.0 to mitigate 2 vulnerabilities

Refactorings

  • e4a370f zensical, compat – change several validation defaults to false (#758)
Commits
  • c76960e chore: release v0.0.46
  • 5533aba Merge pull request #761 from zensical/chore/update-ui
  • aeb31ad fix: update ui to v0.0.19
  • fb4637c chore: update .mono.toml to account for configuration changes
  • 61b6d05 fix: preserve small tags in generated search index
  • edb0878 fix: search path segment is empty when title is sourced from section index page
  • e4a370f refactor: change several validation defaults to false (#758)
  • 909f973 fix: don't crash on invalid URLs in HTML (#755)
  • e6b55fe fix: strip images from toc labels (#749)
  • 0f11c7f fix: update pyo3 to 0.29.0 to mitigate 2 vulnerabilities
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the python-deps group with 8 updates:

| Package | From | To |
| --- | --- | --- |
| [pydantic-settings](https://github.com/pydantic/pydantic-settings) | `2.14.1` | `2.14.2` |
| [synchronicity](https://github.com/erikbern/synchronicity) | `0.12.3` | `0.12.5` |
| [commitizen](https://github.com/commitizen-tools/commitizen) | `4.16.3` | `4.16.4` |
| [complexipy](https://github.com/rohaquinlop/complexipy) | `5.6.0` | `5.6.1` |
| [mkdocstrings-python](https://github.com/mkdocstrings/python) | `2.0.4` | `2.0.5` |
| [pytest](https://github.com/pytest-dev/pytest) | `9.0.3` | `9.1.1` |
| [ruff](https://github.com/astral-sh/ruff) | `0.15.16` | `0.15.18` |
| [zensical](https://github.com/zensical/zensical) | `0.0.45` | `0.0.46` |


Updates `pydantic-settings` from 2.14.1 to 2.14.2
- [Release notes](https://github.com/pydantic/pydantic-settings/releases)
- [Commits](pydantic/pydantic-settings@v2.14.1...v2.14.2)

Updates `synchronicity` from 0.12.3 to 0.12.5
- [Release notes](https://github.com/erikbern/synchronicity/releases)
- [Commits](modal-labs/synchronicity@v0.12.3...v0.12.5)

Updates `commitizen` from 4.16.3 to 4.16.4
- [Release notes](https://github.com/commitizen-tools/commitizen/releases)
- [Changelog](https://github.com/commitizen-tools/commitizen/blob/master/CHANGELOG.md)
- [Commits](commitizen-tools/commitizen@v4.16.3...v4.16.4)

Updates `complexipy` from 5.6.0 to 5.6.1
- [Release notes](https://github.com/rohaquinlop/complexipy/releases)
- [Commits](rohaquinlop/complexipy@5.6.0...5.6.1)

Updates `mkdocstrings-python` from 2.0.4 to 2.0.5
- [Release notes](https://github.com/mkdocstrings/python/releases)
- [Changelog](https://github.com/mkdocstrings/python/blob/main/CHANGELOG.md)
- [Commits](mkdocstrings/python@2.0.4...2.0.5)

Updates `pytest` from 9.0.3 to 9.1.1
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](pytest-dev/pytest@9.0.3...9.1.1)

Updates `ruff` from 0.15.16 to 0.15.18
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.16...0.15.18)

Updates `zensical` from 0.0.45 to 0.0.46
- [Release notes](https://github.com/zensical/zensical/releases)
- [Commits](zensical/zensical@v0.0.45...v0.0.46)

---
updated-dependencies:
- dependency-name: pydantic-settings
  dependency-version: 2.14.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-deps
- dependency-name: synchronicity
  dependency-version: 0.12.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-deps
- dependency-name: commitizen
  dependency-version: 4.16.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: python-deps
- dependency-name: complexipy
  dependency-version: 5.6.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: python-deps
- dependency-name: mkdocstrings-python
  dependency-version: 2.0.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: python-deps
- dependency-name: pytest
  dependency-version: 9.1.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: python-deps
- dependency-name: ruff
  dependency-version: 0.15.18
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: python-deps
- dependency-name: zensical
  dependency-version: 0.0.46
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: python-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Jun 23, 2026
@dependabot dependabot Bot requested a review from jjeff07 as a code owner June 23, 2026 17:55
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Jun 23, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jun 30, 2026

Copy link
Copy Markdown
Contributor Author

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Jun 30, 2026
@dependabot dependabot Bot deleted the dependabot/uv/python-deps-8c3a4ce016 branch June 30, 2026 17:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants