chore(deps-dev): bump the development-dependencies group across 1 directory with 7 updates

[dependabot]

Bumps the development-dependencies group with 7 updates in the / directory:

Package	From	To
coverage	7.11.0	7.13.4
gitpython	3.1.45	3.1.46
pre-commit	4.3.0	4.5.1
pyright	1.1.407	1.1.408
pytest	8.4.2	9.0.2
python-semantic-release	10.4.1	10.5.3
refurb	2.2.0	2.3.0

Updates coverage from 7.11.0 to 7.13.4

Changelog

Sourced from coverage's changelog.

Version 7.13.4 — 2026-02-09

• Fix: the third-party code fix in 7.13.3 required examining the parent directories where coverage was run. In the unusual situation that one of the parent directories is unreadable, a PermissionError would occur, as described in issue 2129_. This is now fixed.

• Fix: in test suites that change sys.path, coverage.py could fail with "RuntimeError: Set changed size during iteration" as described and fixed in pull 2130_. Thanks, Noah Fatsi.

• We now publish ppc64le wheels, thanks to Pankhudi Jain <pull 2121_>_.

.. _pull 2121: coveragepy/coveragepy#2121 .. _issue 2129: coveragepy/coveragepy#2129 .. _pull 2130: coveragepy/coveragepy#2130

.. _changes_7-13-3:

Version 7.13.3 — 2026-02-03

• Fix: in some situations, third-party code was measured when it shouldn't have been, slowing down test execution. This happened with layered virtual environments such as uv sometimes makes. The problem is fixed, closing issue 2082_. Now any directory on sys.path that is inside a virtualenv is considered third-party code.

.. _issue 2082: coveragepy/coveragepy#2082

.. _changes_7-13-2:

Version 7.13.2 — 2026-01-25

• Fix: when Python is installed via symlinks, for example with Homebrew, the standard library files could be incorrectly included in coverage reports. This is now fixed, closing issue 2115_.

• Fix: if a data file is created with no read permissions, the combine step would fail completely. Now a warning is issued and the file is skipped. Closes issue 2117_.

.. _issue 2115: coveragepy/coveragepy#2115 .. _issue 2117: coveragepy/coveragepy#2117

... (truncated)

Commits

• 4f78d57 build: no need to publish status.json
• f8616ff docs: sample HTML for 7.13.4
• fcf8c68 docs: prep for 7.13.4
• 189ecfd docs: thanks Pankhudi Jain for ppc64le wheels #2121
• 58aade0 build: add support for ppc64le architecture (#2121)
• 8ea42c8 chore: bump actions/attest-build-provenance (#2131)
• c09595f docs: Janine put a lot of effort into debugging issue #2128
• 8ee1760 docs: Greg wrote a great issue: #2129
• 76ba043 docs: thanks, Noah Fatsi
• 371fcc5 fix: set fixed paths_list in TreeMatcher init (#2130)
• Additional commits viewable in compare view

Updates gitpython from 3.1.45 to 3.1.46

Release notes

Sourced from gitpython's releases.

3.1.46

What's Changed

• Prepare a new release by @​Byron in gitpython-developers/GitPython#2063
• Bump actions/checkout from 4 to 5 by @​dependabot[bot] in gitpython-developers/GitPython#2067
• Bump git/ext/gitdb from 335c0f6 to 39d7dbf by @​dependabot[bot] in gitpython-developers/GitPython#2068
• Bump actions/setup-python from 5 to 6 by @​dependabot[bot] in gitpython-developers/GitPython#2070
• Bump git/ext/gitdb from 39d7dbf to f8fdfec by @​dependabot[bot] in gitpython-developers/GitPython#2071
• Fix type hint for SymbolicReference.reference property by @​emmanuel-ferdman in gitpython-developers/GitPython#2074
• feat: Add support for hasconfig git rule. by @​bvanelli in gitpython-developers/GitPython#2075
• Bump github/codeql-action from 3 to 4 by @​dependabot[bot] in gitpython-developers/GitPython#2076
• Use actual return type in annotation for method submodule_update by @​extrwi in gitpython-developers/GitPython#2078
• Bump git/ext/gitdb from f8fdfec to 65321a2 by @​dependabot[bot] in gitpython-developers/GitPython#2082
• Preliminary support for index format v3 by @​blahgeek in gitpython-developers/GitPython#2081
• Bump actions/checkout from 5 to 6 by @​dependabot[bot] in gitpython-developers/GitPython#2084
• Pin mypy==1.18.2 by @​George-Ogden in gitpython-developers/GitPython#2087
• Respect os.Pathlike by @​George-Ogden in gitpython-developers/GitPython#2086
• Bump git/ext/gitdb from 65321a2 to 4c63ee6 by @​dependabot[bot] in gitpython-developers/GitPython#2093
• Join Pathlike Object to Tree by @​George-Ogden in gitpython-developers/GitPython#2094

New Contributors

• @​emmanuel-ferdman made their first contribution in gitpython-developers/GitPython#2074
• @​bvanelli made their first contribution in gitpython-developers/GitPython#2075
• @​extrwi made their first contribution in gitpython-developers/GitPython#2078
• @​blahgeek made their first contribution in gitpython-developers/GitPython#2081
• @​George-Ogden made their first contribution in gitpython-developers/GitPython#2087

Full Changelog: gitpython-developers/GitPython@3.1.45...3.1.46

Commits

• 9e24eb6 Prepare next release
• b8bb60e Merge pull request #2094 from George-Ogden/join-pathlike
• c8b58c0 Update test/test_tree.py
• 88e2614 Allow joining path to tree
• 9fa28ae Add failing tests for joining paths
• 6d66a02 Merge pull request #2093 from gitpython-developers/dependabot/submodules/git/...
• f738029 Bump git/ext/gitdb from 65321a2 to 4c63ee6
• eecc28d Merge pull request #2086 from George-Ogden/true-pathlike
• 0cb55fb Revert "Add tests with non-ascii characters"
• 1710626 Add tests with non-ascii characters
• Additional commits viewable in compare view

Updates pre-commit from 4.3.0 to 4.5.1

Release notes

Sourced from pre-commit's releases.

pre-commit v4.5.1

Fixes

• Fix language: python with repo: local without additional_dependencies.
  • #3597 PR by @​asottile.

pre-commit v4.5.0

Features

• Add pre-commit hazmat.
  • #3585 PR by @​asottile.

pre-commit v4.4.0

Features

• Add --fail-fast option to pre-commit run.
  • #3528 PR by @​JulianMaurin.
• Upgrade ruby-build / rbenv.
  • #3566 PR by @​asottile.
  • #3565 issue by @​MRigal.
• Add language: unsupported / language: unsupported_script as aliases for language: system / language: script (which will eventually be deprecated).
  • #3577 PR by @​asottile.
• Add support docker-in-docker detection for cgroups v2.
  • #3535 PR by @​br-rhrbacek.
  • #3360 issue by @​JasonAlt.

Fixes

• Handle when docker gives SecurityOptions: null.
  • #3537 PR by @​asottile.
  • #3514 issue by @​jenstroeger.
• Fix error context for invalid stages in .pre-commit-config.yaml.
  • #3576 PR by @​asottile.

Changelog

Sourced from pre-commit's changelog.

4.5.1 - 2025-12-16

Fixes

• Fix language: python with repo: local without additional_dependencies.
  • #3597 PR by @​asottile.

4.5.0 - 2025-11-22

Features

• Add pre-commit hazmat.
  • #3585 PR by @​asottile.

4.4.0 - 2025-11-08

Features

• Add --fail-fast option to pre-commit run.
  • #3528 PR by @​JulianMaurin.
• Upgrade ruby-build / rbenv.
  • #3566 PR by @​asottile.
  • #3565 issue by @​MRigal.
• Add language: unsupported / language: unsupported_script as aliases for language: system / language: script (which will eventually be deprecated).
  • #3577 PR by @​asottile.
• Add support docker-in-docker detection for cgroups v2.
  • #3535 PR by @​br-rhrbacek.
  • #3360 issue by @​JasonAlt.

Fixes

• Handle when docker gives SecurityOptions: null.
  • #3537 PR by @​asottile.
  • #3514 issue by @​jenstroeger.
• Fix error context for invalid stages in .pre-commit-config.yaml.
  • #3576 PR by @​asottile.

Commits

• 8a0630c v4.5.1
• fcbc745 Merge pull request #3597 from pre-commit/empty-setup-py
• 51592ee fix python local template when artifact dirs are present
• 67e8faf Merge pull request #3596 from pre-commit/pre-commit-ci-update-config
• c251e6b [pre-commit.ci] pre-commit autoupdate
• 98ccafa Merge pull request #3593 from pre-commit/pre-commit-ci-update-config
• 4895355 [pre-commit.ci] pre-commit autoupdate
• 2cedd58 Merge pull request #3588 from pre-commit/pre-commit-ci-update-config
• 465192d [pre-commit.ci] pre-commit autoupdate
• fd42f96 Merge pull request #3586 from pre-commit/zipapp-sha256-file-not-needed
• Additional commits viewable in compare view

Updates pyright from 1.1.407 to 1.1.408

Commits

• 81b795a Pyright NPM Package update to 1.1.408 (#357)
• See full diff in compare view

Updates pytest from 8.4.2 to 9.0.2

Release notes

Sourced from pytest's releases.

9.0.2

pytest 9.0.2 (2025-12-06)

Bug fixes

• #13896: The terminal progress feature added in pytest 9.0.0 has been disabled by default, except on Windows, due to compatibility issues with some terminal emulators.

  You may enable it again by passing -p terminalprogress. We may enable it by default again once compatibility improves in the future.

  Additionally, when the environment variable TERM is dumb, the escape codes are no longer emitted, even if the plugin is enabled.

• #13904: Fixed the TOML type of the tmp_path_retention_count settings in the API reference from number to string.

• #13946: The private config.inicfg attribute was changed in a breaking manner in pytest 9.0.0. Due to its usage in the ecosystem, it is now restored to working order using a compatibility shim. It will be deprecated in pytest 9.1 and removed in pytest 10.

• #13965: Fixed quadratic-time behavior when handling unittest subtests in Python 3.10.

Improved documentation

• #4492: The API Reference now contains cross-reference-able documentation of pytest's command-line flags <command-line-flags>.

9.0.1

pytest 9.0.1 (2025-11-12)

Bug fixes

• #13895: Restore support for skipping tests via raise unittest.SkipTest.
• #13896: The terminal progress plugin added in pytest 9.0 is now automatically disabled when iTerm2 is detected, it generated desktop notifications instead of the desired functionality.
• #13904: Fixed the TOML type of the verbosity settings in the API reference from number to string.
• #13910: Fixed UserWarning: Do not expect file_or_dir on some earlier Python 3.12 and 3.13 point versions.

Packaging updates and notes for downstreams

• #13933: The tox configuration has been adjusted to make sure the desired version string can be passed into its package_env through the SETUPTOOLS_SCM_PRETEND_VERSION_FOR_PYTEST environment variable as a part of the release process -- by webknjaz.

Contributor-facing changes

• #13891, #13942: The CI/CD part of the release automation is now capable of creating GitHub Releases without having a Git checkout on disk -- by bluetech and webknjaz.
• #13933: The tox configuration has been adjusted to make sure the desired version string can be passed into its package_env through the SETUPTOOLS_SCM_PRETEND_VERSION_FOR_PYTEST environment variable as a part of the release process -- by webknjaz.

... (truncated)

Commits

• 3d10b51 Prepare release version 9.0.2
• 188750b Merge pull request #14030 from pytest-dev/patchback/backports/9.0.x/1e4b01d1f...
• b7d7bef Merge pull request #14014 from bluetech/compat-note
• bd08e85 Merge pull request #14013 from pytest-dev/patchback/backports/9.0.x/922b60377...
• bc78386 Add CLI options reference documentation (#13930)
• 5a4e398 Fix docs typo (#14005) (#14008)
• d7ae6df Merge pull request #14006 from pytest-dev/maintenance/update-plugin-list-tmpl...
• 556f6a2 pre-commit: fix rst-lint after new release (#13999) (#14001)
• c60fbe6 Fix quadratic-time behavior when handling unittest subtests in Python 3.10 ...
• 73d9b01 Merge pull request #13995 from nicoddemus/patchback/backports/9.0.x/1b5200c0f...
• Additional commits viewable in compare view

Updates python-semantic-release from 10.4.1 to 10.5.3

Release notes

Sourced from python-semantic-release's releases.

v10.5.3 (2025-12-14)

This release is published under the MIT License.

🪲 Bug Fixes

• cmd-version: Resolve unauthenticated git repo issues for upstream verification (PR#1388, e164f68)

• github-action: Fix failed signing issue when ssh was missing from action environment (PR#1389, 18b7eda)

• parser-conventional-monorepo: Fix parser opts validator for outside dir path matches (PR#1382, a51eadd)

✅ Resolved Issues

• #1373: verify_upstream_unchanged fails on github actions when git repo is unauthenticated

• #1376: ssh-agent & ssh-add is missing from python-semantic-release github action

• #1380: Monorepo path_filters fails to reference paths outside the current package subtree

---

Detailed Changes: v10.5.2...v10.5.3

---

Installable artifacts are available from:

• PyPi Registry

• GitHub Release Assets

v10.5.2

[!WARNING] 2025-11-11: Release fails git repo is unauthenticated (See #1373) & if you use SSH commit & tag signing (See #1376) - Resolved in v10.5.3

v10.5.2 (2025-11-10)

This release is published under the MIT License.

🪲 Bug Fixes

• cmd-version: Toggle verify upstream off when no version commit is made (PR#1370, e0b3b70)

---

Detailed Changes: v10.5.1...v10.5.2

---

... (truncated)

Changelog

Sourced from python-semantic-release's changelog.

v10.5.3 (2025-12-14)

🪲 Bug Fixes

• cmd-version: Resolve unauthenticated git repo issues for upstream verification, closes [#1373](https://github.com/python-semantic-release/python-semantic-release/issues/1373)_ (PR#1388, e164f68)

• github-action: Fix failed signing issue when ssh was missing from action environment, closes [#1376](https://github.com/python-semantic-release/python-semantic-release/issues/1376)_ (PR#1389, 18b7eda)

• parser-conventional-monorepo: Fix parser opts validator for outside dir path matches, closes [#1380](https://github.com/python-semantic-release/python-semantic-release/issues/1380)_ (PR#1382, a51eadd)

.. _#1373: python-semantic-release/python-semantic-release#1373 .. _#1376: python-semantic-release/python-semantic-release#1376 .. _#1380: python-semantic-release/python-semantic-release#1380 .. _18b7eda: python-semantic-release/python-semantic-release@18b7eda .. _a51eadd: python-semantic-release/python-semantic-release@a51eadd .. _e164f68: python-semantic-release/python-semantic-release@e164f68 .. _PR#1382: python-semantic-release/python-semantic-release#1382 .. _PR#1388: python-semantic-release/python-semantic-release#1388 .. _PR#1389: python-semantic-release/python-semantic-release#1389

.. _changelog-v10.5.2:

v10.5.2 (2025-11-10)

🪲 Bug Fixes

• cmd-version: Toggle verify upstream off when no version commit is made (PR#1370, e0b3b70)

.. _e0b3b70: python-semantic-release/python-semantic-release@e0b3b70 .. _PR#1370: python-semantic-release/python-semantic-release#1370

.. _changelog-v10.5.1:

v10.5.1 (2025-11-10)

🪲 Bug Fixes

• cmd-version: Fix upstream change detection to succeed without branch tracking (PR#1369_,

... (truncated)

Commits

• 350c48f chore: release v10.5.3
• a51eadd fix(parser-conventional-monorepo): fix parser opts validator for outside dir ...
• 427af48 test(fixtures): upgrade monorepos to monitor external package files
• 27a006c test(fixtures): upgrade commit simulation to modify specific files
• e164f68 fix(cmd-version): resolve unauthenticated git repo issues for upstream verifi...
• 18b7eda fix(github-action): fix failed signing issue when ssh was missing from action...
• 779af88 ci(deps): bump tj-actions/changed-files@v47.0.0 action to v47.0.1 (#1394)
• edf0229 ci(deps): bump actions/stale@v10.1.0 to v10.1.1 (#1394)
• e0927e3 ci(deps): bump actions/setup-python@v6.0.0 to v6.1.0 (#1394)
• b984f41 ci(deps): bump actions/upload-artifact@v5.0.0 to v6.0.0 (#1394)
• Additional commits viewable in compare view

Updates refurb from 2.2.0 to 2.3.0

Release notes

Sourced from refurb's releases.

Release v2.3.0

What's Changed

• Fix crash on PEP 695 type alias statements by @​Fridayai700 in dosisod/refurb#360
• Fix FURB111 false positive on lambdas with default arguments by @​Fridayai700 in dosisod/refurb#363
• Fix FURB173 false positive on Mapping types by @​Fridayai700 in dosisod/refurb#361
• Fix FURB184 false positive when assignment is not a call by @​Fridayai700 in dosisod/refurb#368
• Fix FURB142 false positive when set target depends on loop variable by @​Fridayai700 in dosisod/refurb#367
• Fix FURB148 false positive when loop variable is used after loop by @​Fridayai700 in dosisod/refurb#370

New Contributors

• @​Fridayai700 made their first contribution in dosisod/refurb#360

Full Changelog: dosisod/refurb@v2.2.0...v2.3.0

Commits

• 2fd5fe0 Bump version to 2.3.0
• d10ae46 Fix FURB148 false positive when loop variable is used after loop (#370)
• e2ce817 Fix FURB142 false positive when set target depends on loop variable (#367)
• aea2e65 Fix FURB184 false positive when assignment is not a call (#368)
• 5574ece Fix FURB173 false positive on Mapping types (#361)
• 0726924 Fix FURB111 false positive on lambdas with default arguments (#363)
• c8db505 Fix crash on PEP 695 type alias statements (#360)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Assignees

The following users could not be added as assignees: jonzeolla. Either the username does not exist or it does not have the correct permissions to be added as an assignee.

Labels

The following labels could not be found: dependencies, python. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[ai-coding-guardrails]

Nice work! 😎

I didn't find anything of concern

List of skipped files due to configuration

• uv.lock

Reviewed with 🤟 by Zenable